Secure behavior of Web browsers to prevent information leakages

Abstract

Recently Web browsers are widely used as client-side application platforms beyond the traditional use of Web browsers. One of main reasons for such evolution of the browsers is the client-side JavaScript language that can execute programs embedded in a document. However, Web applications with client-side JavaScript programs have problems of leaking private information (such as cookie information) due to interactions between the browser and scripts embedded in the document. We propose a new calculus representing browser behavior that prevents information from leakage by means of language-based information flow. The proposed calculus can deal with script rewriting and higher-order functions. In addition, our calculus has a noninterference property depending on a security policy statically given by the user. © 2007 IEEE.