Author:

Abstract:

Modern web browsers handle content from a variety of origins, and not all these origins can be equally trusted. Such content can be a mix of both markup and executable scripts. These scripts can heavily interact with their environment by for example communicating with remote servers or by accessing application and privacy-sensitive user information. An important consequence of such a powerful browser environment is the fact that users' privacy is at stake. We will give a demo of FlowFox, a fully functional web browser that implements a precise and general information flow control mechanism for web scripts. We will show how FlowFox can protect against privacy-violating information leaks in real-life malicious JavaScript programs by controlling the flow of sensitive information within web scripts.