iflowsigs.js Inlining Information Flow Control into JavaScript Code

Introduction Inlining Compiler Case Study

Introduction

iflowsigs.js is a JavaScript library designed to inline an information flow monitor into JavaScript code.

Techical details can be found in the paper An Information Flow Monitor Inlining Compiler For Securing a Core of JavaScript.

Contact information

If you have questions, comments or find a bug, please contact José Fragoso Santos.

Please find the source code here.

Inlining Compiler

Load example:   Category:   File:  
Load IFlow Signature:   File:  
Processing Options

 

Input script/Information Flow Signature:
Compiled Program:
Running Options


Contact Manager

Here we present the code for a simple Contact Manager application.

Value 3
Variable - 1 var x, y; upg_var(x, '3'); upg_var(y, '2'); x = y;
Variable - 2 var x, y; y = 3; upg_var(y, '2'); if (y) { x = 2; }
Property Assignment - 1 var x, y, z; y = 3; upg_var(y, '2'); z = {}; z.p = null; upg_prop_val(z, 'p', '2'); if (y) { z.p = 2; }
Property Assignment - 2 var x, y, z; y = 3; upg_var(y, '2'); z = {}; z.p = null; if (y) { z.p = 2; }
Property Assignment - 3 var o, h; o = {}; h = 3; upg_var(h, '2'); if(h) { o.p = 2; }
Property Assignment - 4 var o, h; o = {}; h = 3; upg_var(h, '2'); upg_struct(o, '2'); if(h) { o.p = 2; }
hasOwnProperty - 1 var o, f, h; o = {}; upg_struct(o, '2'); f = function () { return false; }; o.hasOwnProperty = f; h = 1; upg_var(h, '2'); if (h) { o.p = 1; }
hasOwnProperty - 2 var o, f, h; o = {}; f = function () { return false; }; o.hasOwnProperty = f; h = 1; upg_var(h, '2'); if (h) { o.p = 1; }
Function - 1 var makePerson, p1, low; makePerson = function (id, name, age) { var new_p; new_p = {}; new_p.id = id; new_p.name = name; new_p.age = age; upg_prop_val(new_p, 'id', '2'); return new_p; }; p1 = makePerson(1, 'Rachel', 22); low = p1.id;
Function - 2 var makePerson, p1, high, low, high; makePerson = function (id, name, age) { var new_p; new_p = {}; new_p.id = id; new_p.name = name; new_p.age = age; upg_prop_val(new_p, 'id', '2'); return new_p; }; p1 = makePerson(1, 'Raquel', 22); high = p1.id; if (high) { low = high + 4; }
Function - 3 var makePerson, person_proto, low, high, p1; person_proto = {}; person_proto.secret = 'secret'; upg_prop_val(person_proto, 'secret', '2'); makePerson = function (id, name, age) { var new_p; new_p = {}; new_p.id = id; new_p.name = name; new_p.age = age; new_p.__proto__ = person_proto; upg_prop_val(new_p, 'id', '2'); return new_p; }; p1 = makePerson(1, 'Raquel', 22); high = p1.secret; if (high) { low = high + ' other secret'; }
Function - 4 var makePerson, person_proto, new_person, high; person_proto = {}; person_proto.sayYourId = function () { return this.id; }; makePerson = function (name, id) { var new_p; new_p = {}; new_p.name = name; new_p.id = id; new_p.__proto__ = person_proto; upg_prop_val(new_p, 'id', '2'); return new_p; }; new_person = makePerson('raquel', 1); high = new_person.sayYourId();
Function - 5 var makePerson, person_proto, new_person, high, low; person_proto = {}; person_proto.sayYourId = function () { return this.id; }; makePerson = function (name, id) { var new_p; new_p = {}; new_p.name = name; new_p.id = id; new_p.__proto__ = person_proto; upg_prop_val(new_p, 'id', '2'); return new_p; }; new_person = makePerson('raquel', 1); high = new_person.sayYourId(); if (high) { low = high * 2; }
alert - 1 var n, o; n = 10; o = {}; while(n) { o[n] = n; n = n - 1; alert(n); }
alert - 2 var x, y, h, z1, z2; h = 0; upg_var(h, '2'); x = {}; x.f = 0; y = x; y.f = h; z1 = y.f; alert(z1);
confirm - 1 var h; h = confirm("confirm?"); alert(h);
confirm - 2 var o1, o2, public1, public2, secret, f; o1 = {}; o2 = {}; secret = confirm('Do you have a secret?'); f = function () { return 'p'; }; o1.toString = f; o2.p = secret; public1 = o2[o1.toString()]; alert(public1);
append - 1 var div1, div2, div3, h, l; h = 1; upg_var(h, '2'); div1 = document.createElement('div'); div2 = document.createElement('div'); div3 = document.createElement('div'); div1.appendChild(div2); if (h) { div3.appendChild(div2); } l = div1.childNodes.length;
append - 2 var div1, div2, div3, h, l; h = 1; upg_var(h, '2'); div1 = document.createElement('div'); div2 = document.createElement('div'); div3 = document.createElement('div'); div1.appendChild(div2); div1.dom_upg_struct('2'); div3.dom_upg_struct('2'); div2.dom_upg_pos('2'); if (h) { div3.appendChild(div2); } l = div1.childNodes.length;
append - 3 var div1, div2, div3, h, l; h = 1; upg_var(h, '2'); div1 = document.createElement('div'); div2 = document.createElement('div'); div3 = document.createElement('div'); div1.appendChild(div2); div1.dom_upg_struct('2'); div3.dom_upg_struct('2'); div2.dom_upg_pos('2'); if (h) { div3.appendChild(div2); } l = div1.childNodes.length; alert(l);
append - 4 var div1, div2, div3, h, l; h = 1; upg_var(h, '2'); div1 = document.createElement("div"); div2 = document.createElement("div"); div3 = document.createElement("div"); div3.appendChild(div2); if (h) { div1.appendChild(div2); } div1.appendChild(div3); l = div1.childNodes[0];
remove - 1 var div1, div2, div3, h, l; h = 1; upg_var(h, '2'); div1 = document.createElement("div"); div2 = document.createElement("div"); div1.appendChild(div2); if (h) { div1.removeChild(div2); } l = div1.childNodes[0];
remove - 2 var div1, div2, h, l; h = confirm("Do you want to execute the if-then branch?"); div1 = document.createElement("DIV"); div2 = document.createElement("DIV"); div1.appendChild(div2); if (h) { div1.removeChild(div2); } l = div1.childNodes.length; alert(l);
remove - 3 var div1, div2, h, l; h = confirm('Do you want to execute the if-then branch?'); div1 = document.createElement('DIV'); div2 = document.createElement('DIV'); div1.appendChild(div2); div1.dom_upg_struct('5'); div2.dom_upg_pos('5'); if (h) { div1.removeChild(div2); } l = div1.childNodes.length;
remove - 4 var div1, div2, div3, h, l; h = confirm('Do you want to execute the if-then branch?'); div1 = document.createElement('DIV'); div2 = document.createElement('DIV'); div3 = document.createElement('DIV'); div3.appendChild(div2); div1.dom_upg_struct('5'); div3.dom_upg_struct('5'); div2.dom_upg_pos('5'); if (h) { div1.appendChild(div2); } div1.appendChild(div3); l = div1.childNodes[0];
remove - 5 var div1, div2, div3, h, l; h = confirm('Do you want to execute the if-then branch?'); div1 = document.createElement('DIV'); div2 = document.createElement('DIV'); div3 = document.createElement('DIV'); div3.appendChild(div2); div1.dom_upg_struct('5'); div3.dom_upg_struct('5'); div2.dom_upg_pos('5'); div3.dom_upg_pos('5'); if (h) { div1.appendChild(div2); } div1.appendChild(div3); l = div1.childNodes[0];
live collections - 1 var div1, div2, div3, divs, h, l; h = 1; upg_var(h, '2'); div1 = document.createElement("DIV"); div2 = document.createElement("DIV"); div3 = document.createElement("DIV"); div2.appendChild(div3); document.body.appendChild(div1); document.body.appendChild(div2); divs = document.getElementsByTagName("DIV"); if (h) { div2.appendChild(div1); } l = divs[0];
live collections - 2 var div0, div1, div2, div3, div4, divs, h, l; h = 1; upg_var(h, '2'); div0 = document.createElement("DIV"); div1 = document.createElement("DIV"); div2 = document.createElement("DIV"); div3 = document.createElement("DIV"); div4 = document.createElement("DIV"); div0.appendChild(div1); div0.appendChild(div2); div0.appendChild(div3); divs = div0.getElementsByTagName("DIV"); document.dom_upg_tag('DIV', 2); div1.dom_upg_struct('2'); div4.dom_upg_pos('2'); if (h) { div1.appendChild(div4); } l = divs[2];
live collections - 3 var div0, div1, divs, h, l; h = confirm('Do you want to execute the if-then branch?'); div0 = document.createElement('DIV'); div0.dom_upg_struct('5'); document.dom_upg_tag('DIV', 5); upg_var(div1, '5'); if (h) { div1 = document.createElement('DIV'); div0.appendChild(div1); } divs = div0.getElementsByTagName('DIV'); l = divs.length;
live collections - 4 var div0, div1, divs, h, l; h = confirm('Do you want to execute the if-then branch?'); div0 = document.createElement('DIV'); div0.dom_upg_struct('5'); upg_var(div1, '5'); if (h) { div1 = document.createElement('DIV'); div0.appendChild(div1); } divs = div0.getElementsByTagName('DIV'); l = divs.length;
live collections - 5 var div0, div1, divs, h, l; h = confirm('Do you want to execute the if-then branch?'); div0 = document.createElement('DIV'); div0.dom_upg_struct('5'); document.dom_upg_tag('DIV', 5); upg_var(div1, '5'); if (h) { div1 = document.createElement('DIV'); div0.appendChild(div1); } divs = div0.getElementsByTagName('DIV'); l = divs[0];
live collections - 6 var div0, div1, div2, div3, divs, h, l; h = confirm('Do you want to execute the if-then branch?'); div0 = document.createElement('DIV'); div1 = document.createElement('DIV'); div2 = document.createElement('DIV'); div0.appendChild(div1); div0.appendChild(div2); document.dom_upg_tag('DIV', '5'); div1.dom_upg_struct('5'); upg_var(div3, '5'); div2.dom_upg_pos('5'); if (h) { div3 = document.createElement('DIV'); div1.appendChild(div3); } divs = div0.getElementsByTagName('DIV'); l = divs[1];
Illegal Coercion - 1 var o1, o2, public1, public2, secret, tmp; o1 = {}; o2 = {}; secret = confirm('Do you have a secret?'); tmp = function () { return 'p'; }; o1.toString = tmp; o2.p = secret; public1 = o2[o1]; if (public1) { public2 = 3; }
Explicit Coercion - 1 var o1, o2, public1, public2, secret, f; o1 = {}; o2 = {}; secret = confirm('Do you have a secret?'); f = function () { return 'p'; }; o1.toString = f; o2.p = secret; public1 = o2[o1.toString()]; upg_var(public2, '5'); if (public1) { public2 = 3; }
Native Functions - 1 var o, f, h; o = {}; o.p = 0; upg_struct(o, '2'); f = function () { return false; }; o.hasOwnProperty = f; h = 1; upg_var(h, '2'); if (h) { o.p = 1; }
Native Functions - 2 var o, f, h; o = {}; upg_struct(o, '2'); f = function () { return false; }; o.hasOwnProperty = f; h = 1; upg_var(h, '2'); if (h) { o.p = 1; }
asdf