Title: Do Implicit Information Flows Matter? An Empirical Study


Abstract: 
Information flow analysis is widely used to enforce security policies 
that prevent sensitive data from flowing into untrusted sinks. For 
languages that are difficult to analyze statically, such as JavaScript, 
dynamic information flow analysis is popular. Unfortunately, 
dynamically analyzing implicit information flows, in particular those 
caused by not executing a particular branch, is non-trivial. Recent 
research has started to address this problem but requires additional 
work to become practical. This presentation addresses the question how 
common implicit flows are in real-world JavaScript programs, and 
whether analyzing implicit flows is worthwhile. We present an 
empirical study involving 28,614 lines of JavaScript code and over 
20,000 executions with different information flow policies. The study 
shows that implicit information flows, both caused by executing and by 
not executing a particular branch, are common. In particular, we find 
that an analysis that monitors only a subset of all kinds of 
information flows misses various violations of the checked security 
policy. Our results shed light on the nature of information flows in 
real-world software and provides empirical evidence that addressing 
the problem of analyzing implicit flows is a relevant problem.