Open Source

Firefox Fork with Dynamic Taint Tracking for JavaScript

Dynamic Taint Tracking is one of the premier techniques used for detecting security and privacy issues. As we, as a group, have a heavy focus on the web, a taint tracking enabled browser is fundamental for a lot of our work.

Martin Johns supervised Project Foxhound's original development while at SAP Security Research, where it is maintained by Thomas Barber in collaboration with us.

GitHub Repository: If you are using Project Foxhound in your research: Cite Us!

Associated Publications:

• Talking About My Generation: Targeted DOM-based XSS Exploit Generation using Dynamic Data Flow Analysis (EuroSec '21) [BIB]
• Hand Sanitizers in the Wild: A Large-scale Study of Custom JavaScript Sanitizer Functions (EuroS&P '22) [BIB]
• Accept All Exploits: Exploring the Security Impact of Cookie Banners (ACSAC '22) [BIB]
• Dancer in the Dark: Synthesizing and Evaluating Polyglots for Blind Cross-Site Scripting (Usenix Security '24) [BIB]
• FP-tracer: Fine-grained Browser Fingerprinting Detection via Taint-tracking and Multi-level Entropy-based Thresholds (PETS '24) [BIB]

As well as several non IAS publications, e.g.:

• The Great Request Robbery: An Empirical Study of Client-side Request Hijacking Vulnerabilities on the Web (S&P '24)

• To Auth or Not To Auth? A Comparative Analysis of the Pre- and Post-Login Security Landscape (S&P '24)

• Information flow control for comparative privacy analyses (International Journal of Information Security '24)

• Load-and-Act: Increasing Page Coverage of Web Applications (ISC '23)

If you are using Foxhound and want your work listed here, please get in touch.

Dynamic Taint Tracking for Java

Preventing security vulnerability and privacy violations is both highly complex and of utmost importance. Dynamic Taint Tracking can transparently detect and prevent both security vulnerabilities, such as cross-site scripting or SQL injection attacks as well as privacy violations, e.g., data usage in violation of the GDPR. To evaluate novel protection ideas for applications built on the JVM, we developed Fontus, a Taint Tracking engine for Java.

Fontus was initially developed by David Klein in collaboration with SAP Security Research, where it is currently maintained by David and Thomas Barber from SAP.

GitHub Repository: If you are using Fontus in your research: Cite us!

Associated Publications:

• General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications (CCS '23) [BIB]