Closed Bug 1067842 Opened 10 years ago Closed 7 years ago

Taint analysis for FirefoxOS

Categories

(Firefox OS Graveyard :: General, defect)

x86
macOS
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: xju-hashimoto, Unassigned)

Attachments

(1 file)

I'd like to propose taint analysis for FirefoxOS (and other SpiderMonkey-based apps). The main use case is app review by a market reviewer (or developers themselves) to check whether an app complies with its associated privacy policy.
Could you be more specific with your proposal? What exactly should be analyzed and how? Do you have ready-made tools in mind? How do you relate taint analysis and privacy? Perhaps we're not talking about the same thing when we say "taint analysis". I can think of many more uses than tracking the flow of sensitive data within an app. AFAICS, taint analysis is a hard problem that is not well-solved for asynchronous code interacting with a massive, multilingual code base like Gaia and Gecko. Perhaps it will be sufficient to restrict to well-understood corner cases? (Which ones?) The next obvious questions relate to potential next steps: Where should this be implemented? WebIDE would normally be my primary choice, but client-side solutions are probably not feasible when you consider that you need to include most of the Gaia and Gecko code base in the analysis. And who would have the background and resources for implementation?
Hi, Thank you for your interest in this topic. In our country, for instance, developers are encouraged to publish a privacy policy if an app needs private information. In the policy, the purpose and the name of the server the information is sent to have to be described. However, it's difficult to check whether the description is correct; a developer may forget to update the policy. I'd like to track data that is generated by a WebAPI, operated on in Gaia, and sent out by XHR or another method. It will be hard if we try tracking data that enters back into Gecko, but it's our scope currently. I will post our patch and hope it will be a base for discussion/implementation. It modifies SpiderMonkey; each jsvalue has taint flags, and the flag is propagated by basic operations (plus, minus, etc.). FxOS enables this tracking by inserting a script which replaces a WebAPI with one that puts a taint flag on data generated by the original WebAPI.
Attached patch: 20140708.patch
チェンジセット: 161778:cd3e9359fd64 タグ: tip 親: 161775:2082d32e58f7 親: 161777:9bfd0ab40e7e ユーザ: Wes Kocher <wkocher@mozilla.com> 日付: Tue Dec 24 15:18:28 2013 -0800 要約: Merge f-team to m-c
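The flow described in the comment above (a replaced WebAPI labels its data, basic operations propagate the label, and the outgoing request is checked against the declared policy), as an added JavaScript example that is not part of the attached patch or of any Mozilla code. The patch keeps flags on each jsvalue inside SpiderMonkey; here a wrapper class stands in for that, and `Tainted`, `wrapSource`, `plus`, `checkedSend`, the sample API and the policy hosts are all hypothetical.

```javascript
// Added example. Tainted, wrapSource, plus, checkedSend and the sample
// API/policy below are hypothetical; none come from the attached patch.
class Tainted {
  constructor(value, labels) { this.value = value; this.labels = new Set(labels); }
}
const raw = (x) => (x instanceof Tainted ? x.value : x);
const labelsOf = (x) => (x instanceof Tainted ? [...x.labels] : []);

// A basic operation: the result carries the union of its operands' labels.
function plus(a, b) {
  const labels = [...labelsOf(a), ...labelsOf(b)];
  const result = raw(a) + raw(b);
  return labels.length ? new Tainted(result, labels) : result;
}

// Source: replace api[name] with a version that labels what it returns.
function wrapSource(api, name, label) {
  const original = api[name];
  api[name] = (...args) => new Tainted(original.apply(api, args), [label]);
}

// Sink: report labels that the declared policy does not allow for this host.
function checkedSend(policy, url, body) {
  const host = new URL(url).hostname;
  const allowed = policy[host] || [];
  const violations = labelsOf(body).filter((l) => !allowed.includes(l));
  return { host, labels: labelsOf(body), violations };
}

// Constructed sample data: a stand-in API and a declared privacy policy.
function runDemo() {
  const api = {
    getPosition: () => "35.68,139.69",
    getContactName: () => "Alice",
  };
  wrapSource(api, "getPosition", "geolocation");
  wrapSource(api, "getContactName", "contacts");
  const policy = { "maps.example.com": ["geolocation"] };

  const query = plus("pos=", api.getPosition());
  const mixed = plus(plus(query, "&name="), api.getContactName());
  return [
    checkedSend(policy, "https://maps.example.com/lookup", query),
    checkedSend(policy, "https://maps.example.com/lookup", mixed),
    checkedSend(policy, "https://ads.example.net/collect", query),
    checkedSend(policy, "https://ads.example.net/collect", "static=1"),
  ];
}
console.log(JSON.stringify(runDemo(), null, 2));
```

A non-empty `violations` list is what a reviewer would compare against the published policy: the second and third requests carry data the policy does not declare for that host.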
Oh, dynamic taint analysis is of course a different story. This looks very interesting and I will get this to the right people. I have heard about work at Mozilla going in a similar direction. Generally I can already say that the Spidermonkey team is extremely sensitive to adding overhead to the engine, so taint analysis may not become a standard feature in the near future. I hope these things will clear up in the course of this discussion. Thanks a lot for the patch!
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX