1. 1

Trimmed abstract: “This dissertation presents a novel approach to protecting sensitive data even when application code is buggy or malicious. The key ideas… are to separate the security and privacy concerns of an application from its functionality, and to use language-level information flow control (IFC) to enforce policies throughout the application codebase. The main challenge… is at once to design practical systems that can be easily adopted by average developers, and simultaneously to leverage formal semantics that rule out large classes of design error. To address this challenge, this dissertation presents two systems—Hails and COWL—which respectively address the security issues web applications face on the server and in the browser.

Hails is a server-side web framework that separates the security and privacy concerns of an application from it functionality by following a new paradigm called model–policy–view–controller (MPVC). In the MPVC model, developers specify security policies in a single place, using a declarative policy specification language. Hails then enforces these policies across all application components using language-level IFC. This alleviates the need for application logic code to be intertwined with security checks and ensures that policies are enforced in a mandatory fashion, even across third-party code. Hails has been used by developers with a wide-range of expertise, from a novice high school student to expert web developers to build secure web sites with very small trusted computing bases. Some of these web applications were deployed production.

COWL is a JavaScript confinement system that extends the browser security model with IFC, while retaining backwards compatibility with the existing Web. Much like Hails, COWL allows developers to associate policy with sensitive data, such as passwords. Within the confines of the browser, COWL then enforces these policies with IFC, prohibiting code from arbitrarily leaking data. This system has been implemented in both Firefox and Chromium, and is currently being standardized at the W3C as a new web specification.

…using information flow control required new developments in language-level security foundations. This dissertation describes some of the main results which were key to Hails and COWL, including: DC Labels, a simple yet expressive label model based on propositional logic; LIO, a dynamic, language-level IFC system implemented in Haskell; and, IFC-Inside, a generalization of LIO system to arbitrary languages…”