Can we block script, background image?"> Can we block script, background image?">

Presentation is loading. Please wait.

Presentation is loading. Please wait.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Published byRebecca Douglas Modified over 10 years ago

Similar presentations

Presentation on theme: "Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University."— Presentation transcript:

1 Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University

2 Context-aware Phishing Bank of America customers see: Wells Fargo customers see: Works in all major browsers Design issue, not a just bug

3 Example Attacks Query visited links: a#visited { background: url(track.php?example.com); } Hi Time browser cache: start = new Date(); <img src="http://example.com/logo.gif" onload="end = new Date(); if (end.getTime() – start.getTime() < 5) { // image was in cache }"> Can we block script, background image?

4 Chameleon Pages No JavaScript required No server involvement Even works in Outlook 2002

5 Perspectives Phisher: Where do you bank? China: Have you been to subversive sites? Amazon: Can I show contexual ads? Phished site: Can I check history against phishing blacklist? PayPal: Can I use history as 2 nd factor? Sensitive website: Can I protect visitors? Browser vendor: Can I protect users at every site?

6 Only the site that stores some information in the browser may later read or modify that information. Site: protocol + port + host Too restrictive to use in practice Web relies on site interconnections Same Origin Principle (strict)

7 Same Origin Policy (relaxed) Only the site that stores some information in the browser may later read or modify that information, unless it is shared. What is sharing? No strict definition Relies on expectations of developer/user

8 Sharing Browser State Pass information in query parameters Modify document.domain User permission (IEs trusted zones, Mozillas UniversalBrowserRead) Stylesheets Scripts Image size JSONRequest (not XMLHttpRequest) <!-- google_ad_client = "pub-2966125433144242"; google_ad_width = 110; google_ad_height = 32; google_ad_format = "110x32_as_rimg"; google_cpa_choice = "CAAQ_-KZzgEaCHfyBUS9wT0_KOP143Q"; //--> <script type="text/javascript" src= "http://pagead2.googlesyndication.com/pagead/show_ads.js">

9 Inappropriate State Sharing Common developer/user expectation: browser history is secret Options? –Change expectations –Change browser Visited links 93 94 95 96 97 Cookies JavaScript Cache CSS

10 SafeCache Browser extension for Firefox Intercept requests to browser cache If no referrer, allow request If URL has referrer: –Store referrer host with cache entry –Cache hit only on referrer host match

11 SafeHistory Intercept requests to browser history database For each history entry, record referrers Color visited link if: –Its a same-site link, or –Cross-site link was visited from this site

12 Site of embedded image can build history of visitors activities where image appears. IP address is no longer sufficient for tracking Solution: Block access to sites own cookies if the domain of the embedding page does not match Site accesses own state – not same origin issue Third Party Cookies

13 A site may only store or read some persistent information in the browser if it is the same site as the top level page. Alternate definition: referrer is same site Top level page is the primary interaction Storing or reading allows tracker to build full record of users history. Third Party Blocking Policy

14 If setting is allowed: –Tracker site sets different cookie at every participating site –When user visits tracker site in first party context, entire history is visible If reading is allowed: –Tracker site sets unique user identifier cookie when user visits tracker in first party context –When user visits any participating site, tracker updates history database entry on server Block on set or read?

15 Broken Cookie Blocking Ideal Read 3 rd -party cookies AllowBlockAllowBlock Set 3 rd -party cookies BlockAllowBlockAllowBlock

16 Offsite script included with Script generated dynamically and cached Unique identifier now appended to all links Third Party Cache: Example

17 General Third Party Blocking SafeCache: Disallow cache for offsite content SafeHistory: Show links as unvisited in cross-site frames

18 Protects sites from each other Many covert channels if sites cooperate –JavaScript redirection –Meta refresh –Popup windows –Cross-site hyperlinks Certain techniques are implicit cooperation –Frames, scripts, CSS can have active content Defense: Disable or clear persistent state Bypassing Third Party Blocking

19 Same origin policy: critical for security –Restricts cross-site state access Third party blocking: additional privacy –Restricts sites access to its own state –Incorrectly implemented in all major browsers –Most effective for images Neither technique stops cooperative sharing safecache.com safehistory.com Summary

20

Download ppt "Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University."

Similar presentations

Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Monitoring a web sites health. Web Analytics - Definition Measurement of the behavior of visitors to a website Which aspects of the website work towards.

Monitoring a web sites health. Web Analytics - Definition Measurement of the behavior of visitors to a website Which aspects of the website work towards.
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.
The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.

The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.

A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.

Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.
Context-Aware Phishing Attacks and Client-Side Defenses Collin Jackson Stanford University.

Context-Aware Phishing Attacks and Client-Side Defenses Collin Jackson Stanford University.
Beware of Finer-Grained Origins

Beware of Finer-Grained Origins
Web Same-Origin-Policy Lab Zutao Zhu 11/06/2009. Outline Background Setting SOP.

Web Same-Origin-Policy Lab Zutao Zhu 11/06/2009. Outline Background Setting SOP.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
Client State Management & Application Security  Client State Management  Concept  ASP Examples  Application Security  Database Based Approach 

Client State Management & Application Security  Client State Management  Concept  ASP Examples  Application Security  Database Based Approach 
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Chapter 9 Introduction to the Document Object Model (DOM) JavaScript, Third Edition.

Chapter 9 Introduction to the Document Object Model (DOM) JavaScript, Third Edition.
1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.

1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.
Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:

Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:
Introduction to InfoSec – Recitation 10 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 10 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Chapter 9 Collecting Data with Forms. A form on a web page consists of form objects such as text boxes or radio buttons into which users type information.

Chapter 9 Collecting Data with Forms. A form on a web page consists of form objects such as text boxes or radio buttons into which users type information.

Similar presentations

Ads by Google