
Using Replicated Execution for a More Secure and Reliable Browser. Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King, University of Illinois at Urbana-Champaign.


1 Using Replicated Execution for a More Secure and Reliable Browser
Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King, University of Illinois at Urbana-Champaign
Source: NDSS '12
Reporter: MinHao WU
https://netfiles.uiuc.edu/huixue2/www/cocktail.pptx

2 Outline: Example, Introduction, Design, Implementation, Evaluation, Conclusion

3 Browsers Are Not Safe
Browsers are plagued with vulnerabilities
◦ Internet Explorer: 59 new vulnerabilities in 2010
◦ Firefox: 100 new vulnerabilities in 2010
◦ Safari: 119 new vulnerabilities in 2010
◦ Chrome: 191 new vulnerabilities in

4 Firefox Browser Exploit Example
Firefox 3.0.x malicious popup by CVE

5 Opera: Exploit Fails
Opera shows no popup

6 Reason: Browser Specific Vulnerabilities
Different browsers, different code bases; the same bug is often present in only one browser

7 Cocktail: Mixing Browsers For Better Security

8 How Cocktail Works: Example
[diagram: a click in each browser issues HTTP GET a.com/img.png; the Proxy sends a single HTTP GET request for img.png to the "a.com" server; the two browser requests are marked ✓ ✓]

9 How Cocktail Works: Example
[diagram: continuation of slide 8; the "a.com" server's response img.png comes back through the Proxy to each browser, and the result is rendered via Qt DISPLAY]

10 Withstanding False Positive/Attack
[diagram: after the click, one browser issues HTTP GET a.com/img.png while the other issues HTTP GET a.com/question.png; the Proxy requests img.png from the "a.com" server, receives response img.png, and the output goes to Qt DISPLAY]

11 Observation: Opportunistic N-Version Programming
DOM: same specification, "roughly" followed, plus different code bases

12 How to Compare Different Browsers?
States to compare: display + network
◦ Display: vision based page layout abstraction
Interaction with server
Client side non-determinism

13 Challenge: Interaction with Server
Pages from the server can be different
[diagram: the "a.com" server returns different page variants A, B and C to the different browsers]

14 Solution
Avoid major changes to the browser
◦ Browser self-update stays easy
◦ Open source is not required
Solution: proxy replication
◦ Replicate incoming network data with the proxy
◦ HTTPS handling: man-in-the-middle

15 Solution: Proxy Replication
One browser as seen by the server
[diagram: the a.com server sends Page A to the Proxy, which delivers the same Page A to each browser]

16 Challenge: Client Side Non-determinism
Same page content, different execution result. Each browser runs the same script (shown once per browser on the slide):
    ...
    randomId = Math.random();
    url = "doubleclick.com?ad=" + randomId;
    ...

17 Client Non-determinism Summary
Script related randomness
Browser specific behaviors
◦ E.g., Opera community

Source of non-determinism    Example
Random Number                Math.random()
Date and Time                new Date()
Browser Specific Value       window.opera; navigator.appName
Browser Locale               "EN" vs "en-US"
...                          ...

18 Solution
Extension modifies script execution
◦ Overwrites Math, Date, window.opera
Browser configuration change
◦ Disable Opera community
◦ Adjust browser locale
[diagram: Firefox, Opera and Chrome, each running a Cocktail Extension]
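The shim this slide describes, written here as an added example rather than the Cocktail extension's own code: each replica browser gets Math.random(), Date, window.opera and navigator replaced by deterministic versions, so the ad URL from the previous slide comes out identical in every replica and the proxy can match the requests. The seed, the fixed timestamp, the normalised navigator values and the mulberry32 generator are assumptions of the example.

```javascript
// Added example, not the Cocktail extension's own code: a per-replica shim
// that replaces the non-deterministic inputs listed on slide 17 so every
// browser computes the same values. Assumptions: the seed and timestamp are
// handed to each replica (e.g. by the proxy); the PRNG is mulberry32.
function makeReplicaEnv(seed, fixedTimeMs) {
  let state = seed >>> 0;                          // PRNG state, same in all replicas
  const random = () => {                           // one mulberry32 step
    state = (state + 0x6D2B79F5) >>> 0;
    let t = state;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
  // Date whose "now" is the supplied timestamp instead of the wall clock
  class FixedDate extends Date {
    constructor(...args) { super(...(args.length ? args : [fixedTimeMs])); }
    static now() { return fixedTimeMs; }
  }
  return {
    Math: Object.assign(Object.create(Math), { random }), // Math.random overwritten
    Date: FixedDate,
    window: { opera: undefined },                          // hide the Opera-only object
    navigator: { appName: "Netscape", language: "en-US" }, // normalised identity/locale
  };
}

// The real globals of one browser, for comparison (appName is constructed).
function nativeEnv(appName) {
  return { Math, Date, window: {}, navigator: { appName, language: "en-US" } };
}

// The ad-URL script from slide 16, extended with the other sources of
// non-determinism, evaluated against a given environment instead of globals.
function adUrlScript(env) {
  const randomId = env.Math.random();
  const ts = new env.Date().getTime();
  const ua = env.window.opera ? "opera" : env.navigator.appName;
  return "doubleclick.com?ad=" + randomId + "&t=" + ts + "&ua=" + ua;
}

// Run the script in n replicas; with the shim every replica issues the same
// request, which is what lets the proxy treat them as one browser.
function replicaRequests(n, seed, fixedTimeMs) {
  const urls = [];
  for (let i = 0; i < n; i++) urls.push(adUrlScript(makeReplicaEnv(seed, fixedTimeMs)));
  return urls;
}

function allAgree(urls) { return urls.every((u) => u === urls[0]); }
```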

19 False Positive
Browsers treat malformed URLs differently
