JSFlow

JSFlow is a security-enhanced JavaScript interpreter for fine-grained tracking of information flow.

You can download the source of JSFlow and run it using node.js. In addition, we invite you to try the console, or tackle the challenge.

Download JSFlow v1.1

Publications

JSFlow rests on a solid theoretical foundation of dynamic information flow for JavaScript.

Value Sensitivity and Observable Abstract Values for Information Flow Control.
Luciano Bello, Daniel Hedin, and Andrei Sabelfeld
In Proceedings of the International Conferences on Logic for Programming, Artificial Intelligence and Reasoning (LPAR), Suva, Fiji, November 2015.

Value-sensitive Hybrid Information Flow Control for a JavaScript-like Language.
Daniel Hedin, Luciano Bello, and Andrei Sabelfeld
In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), Verona, Italy, July 2015.

JSFlow: Tracking Information Flow in JavaScript and its APIs.
Daniel Hedin, Arnar Birgisson, Luciano Bello, and Andrei Sabelfeld
In Proceedings of the ACM Symposium on Applied Computing (SAC), Gyeongju, Korea, March 2014.

Architectures for Inlining Security Monitors in Web Applications.
Jonas Magazinius, Daniel Hedin, and Andrei Sabelfeld
In Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS), Munich, Germany, February 2014.

Information-flow security for a core of JavaScript.
Daniel Hedin and Andrei Sabelfeld
In Proceedings of the IEEE Computer Security Foundations Symposium, Harvard University, Cambridge MA, June 25-27, 2012. IEEE Computer Society Press.

Boosting the Permissiveness of Dynamic Information-Flow Tracking by Testing.
Arnar Birgisson, Daniel Hedin, and Andrei Sabelfeld
In Proceedings of the European Symposium on Research in Computer Security (ESORICS), Pisa, Italy, September 2012, LNCS, Springer-Verlag.


Contributors

JSFlow is developed by Andrei Sabelfeld's research group at the Department of Computer Science and Engineering, Chalmers University of Technology, Gothenburg, Sweden and Daniel Hedin, Mälardalen University, Västerås, Sweden.

Past contributors

Acknowledgments

This work was funded by the European Community under the ProSecuToR and WebSand projects and the Swedish research agencies SSF and VR.