Angel Luis Scull Pupo, Jens Nicolay, Kyriakos Efthymiadis, Ann Nowe, Coen De Roover, Elisa Gonzalez Boix
Developing JavaScript and web applications with confidentiality and integrity guarantees is challenging. Information flow control enables the enforcement of such guarantees. However, the integration of this technique into software tools used by developers in their workflow is missing. In this paper we present GuardiaML, a machine learning-assisted dynamic information flow control tool for JavaScript web applications. GuardiaML enables developers to detect unwanted information flow from sensitive sources to public sinks. It can handle the DOM and interaction with internal and external libraries and services. Because the specification of sources and sinks can be tedious, GuardiaML assists in this process by suggesting the tagging of sources and sinks via a machine learning component.
Scull Pupo, AL, Nicolay, J, Efthymiadis, K, Nowe, A, De Roover, C & Gonzalez Boix, E 2019, GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control. in E Shihab, D Lo & X Wang (eds), Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019), 8667979, SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering, IEEE, pp. 624-628, 26th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019), Hangzhou, China, 24/02/19. https://doi.org/10.1109/SANER.2019.8667979
Scull Pupo, A. L., Nicolay, J., Efthymiadis, K., Nowe, A., De Roover, C., & Gonzalez Boix, E. (2019). GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control. In E. Shihab, D. Lo, & X. Wang (Eds.), Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019) (pp. 624-628). Article 8667979 (SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering). IEEE. https://doi.org/10.1109/SANER.2019.8667979
@inproceedings{631a22d0d42d41eb8afbba0e59334c82,
title = "GuardiaML: Machine Learning-Assisted Dynamic Information Flow Control",
abstract = "Developing JavaScript and web applications with confidentiality and integrity guarantees is challenging. Information flow control enables the enforcement of such guarantees. However, the integration of this technique into software tools used by developers in their workflow is missing. In this paper we present GuardiaML, a machine learning-assisted dynamic information flow control tool for JavaScript web applications. GuardiaML enables developers to detect unwanted information flow from sensitive sources to public sinks. It can handle the DOM and interaction with internal and external libraries and services. Because the specification of sources and sinks can be tedious, GuardiaML assists in this process by suggesting the tagging of sources and sinks via a machine learning component.",
keywords = "Information Flow Control, JavaScript Security, Machine Learning, Programming Languages",
author = "{Scull Pupo}, {Angel Luis} and Jens Nicolay and Kyriakos Efthymiadis and Ann Nowe and {De Roover}, Coen and {Gonzalez Boix}, Elisa",
year = "2019",
month = mar,
day = "15",
doi = "10.1109/SANER.2019.8667979",
language = "English",
isbn = "978-1-7281-0591-8",
series = "SANER 2019 - Proceedings of the 2019 IEEE 26th International Conference on Software Analysis, Evolution, and Reengineering",
publisher = "IEEE",
pages = "624--628",
editor = "Emad Shihab and David Lo and Xinyu Wang",
booktitle = "Proceedings of the 26th International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019)",
note = "26th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2019), SANER ; Conference date: 24-02-2019 Through 27-02-2019",
url = "https://saner2019.github.io",
}