Hybrid Information Flow Monitoring against Web Tracking

Author

Besson, Frederic ; Bielova, Nataliia ; Jensen, T.

Author_Institution

Inria, Rennes, France

fYear

2013

fDate

26-28 June 2013

Firstpage

240

Lastpage

254

Abstract

Motivated by the problem of stateless web tracking (fingerprinting), we propose a novel approach to hybrid information flow monitoring by tracking the knowledge about secret variables using logical formulae. This knowledge representation helps to compare and improve precision of hybrid information flow monitors. We define a generic hybrid monitor parametrised by a static analysis and derive sufficient conditions on the static analysis for soundness and relative precision of hybrid monitors. We instantiate the generic monitor with a combined static constant and dependency analysis. Several other hybrid monitors including those based on well-known hybrid techniques for information flow control are formalised as instances of our generic hybrid monitor. These monitors are organised into a hierarchy that establishes their relative precision. The whole framework is accompanied by a formalisation of the theory in the Coq proof assistant.

Keywords

Web sites; knowledge representation; security of data; Coq proof assistant; dependency analysis; fingerprinting; hybrid information flow monitoring; hybrid monitor; information flow control; knowledge representation; logical formulae; secret variables; stateless Web tracking; static constant analysis; Approximation methods; Browsers; Context; Monitoring; Reactive power; Security; Semantics; hybrid information flow monitoring; quantitative information flow; web tracking;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Foundations Symposium (CSF), 2013 IEEE 26th

Conference_Location

New Orleans, LA

Type

conf

DOI

10.1109/CSF.2013.23

Filename

6595832