Monitoring Reactive Systems with Dynamic Channels

Abstract

Given the increasingly sensitive data that web applications deal with, a lot of attention has been put into their security. Dynamic methods for ensuring confidentiality of secret data, such as monitors, are usually preferred due to their permissiveness and ability to adapt to dynamic features of web languages. One dynamic approach to confidentiality is through secure multi-execution, a technique which transforms programs into secure ones. A recent refinement of this technique led to a monitor for reactive systems such as web applications which is precise, in the sense that it raises an alarm exactly when a security condition is violated, and transparent, in the sense that the semantics of secure programs is preserved. A limitation of this and other approaches based on secure multi-execution is that there is a fixed set of channels with a fixed security level. However, most web applications create channels dynamically, even by doing something as trivial as adding a button to a page. Moreover, the security level of such new channel would be chosen dynamically. In this work, we overcome the limitation of assuming a fixed set of channels and introduce a model of reactive systems with dynamic channels and present a precise and transparent monitor for it.