Presentation is loading. Please wait.

Presentation is loading. Please wait.

OMash: Enabling Secure Web Mashups via Object Abstractions Steven Crites, Francis Hsu, Hao Chen UC Davis.

Published byPierce Edwards Modified over 8 years ago

Similar presentations

Presentation on theme: "OMash: Enabling Secure Web Mashups via Object Abstractions Steven Crites, Francis Hsu, Hao Chen UC Davis."— Presentation transcript:

1 OMash: Enabling Secure Web Mashups via Object Abstractions Steven Crites, Francis Hsu, Hao Chen UC Davis

2 Mashups and the Same Origin Policy Mashups integrate content from multiple websites Content protection relies on Same Origin Policy (SOP) – Currently, contents get complete or no isolation – MashupOS proposes more flexible trust relationship [SOSP 07] Isolated Open Access-Controlled Unauthorized

3 Same Origin Policy a.com b.com Server Browser  

4 Problems with SOP – What Domains are of the Same Origin? web1.acm.orgweb2.acm.org yes cs.ucdavis.edu ece.ucdavis.edu maybe amazon.co.uk bbc.co.uk no Same origin?

5 DNS Insecurity Client vulnerabilities – DNS rebinding (Jackson et al, CCS 07) – Dynamic Pharming (Karlof et al, CCS 07) Server vulnerabilities – DNS cache poisoning (Kaminsky, BlackHat 08)

6 Cross-Site Request Forgery a.com b.com Server Browser

7 OMash: Object Mashup A new browser security model Use Object-Oriented model (e.g. Java object model) Treat each Web page as an object – Encapsulate all scripts and data – Objects declare public interface – Objects communicate only via public interface

8 Object Abstractions Java (analogy) Web page object public class FooObject { public void publicMethod() { } private int privateData; } function getPublicInterface() { function Interface() { this.publicMethod = function () {…} } return new Interface(); } var privateData;

9 Page Objects A page consists of – DOM tree – Scripts – Credentials (HTTP auth, cookies) A page object can be contained in a – Window – Tab – Frame – Iframe

10 Public and Private Members Public interface – Each object declares getPublicInterface() – Returns a closure of all public methods and data Private data – DOM – Scripts – Credentials

11 Usage Example map.html integrator.html function getPublicInterface() { function Interface() { this.setCenter = function (lat,long) { … } return new Interface(); }... var map = win.getPublicInterface();... map.setCenter(lat, long); } map.html integrator.html

12 Trust Relationships Can model trust relationships needed for mashups (as identified by MashupOS) – Isolated – Open – Access-Controlled – Unauthorized

13 No access between provider and integrator Isolated function getPublicInterface() { function Interface() { } return new Interface(); }

14 Open Full access between provider and integrator function getPublicInterface() { function Interface() { this.getDocument = function () { return document; } return new Interface(); }

15 Limited access depending on caller Access-controlled function getPublicInterface() { function Interface() { this.auth = function(user,pass) { return token; } this.do = function (token,...) { check(token); } } return new Interface(); } var api = win.getPublicInterface(); token = api.auth(user, pass); api.do (token,...) ProviderIntegrator

16 Preventing CSRF a.com b.com Server Browser

17 Preventing CSRF a.com b.com Server Browser

18 Preventing CSRF a.com b.com Server Browser No cookie!

19 Browser Sessions under OMash Each cookie – belongs to a window – is shared by subsequent pages from the same domain in that window Each window has an independent session – Desirable side effect: Can log in to multiple accounts in different windows in the same browser

20 Cross-window Sessions How to track a session across windows? Cookie Inheritance – When page P1 loads P2, P2 inherits P1’s cookies – P1 and P2 now belong to the same session

21 Implementation Proof of concept as Firefox add-on – Make an exception to SOP in Mozilla’s Configurable Security Policy – Change Cookie Manager to make each cookie private to a window No changes required on the server

22 Supporting SOP without DNS If application prefers using SOP to allow inter- page communication: To implement this under OMash – Server embeds a shared secret in all pages – Pages authenticate each other using this secret

23 Supporting SOP without DNS secret = “1234”; function getPublicInterface() { function Interface() { this.foo=function (secret, … ) { check(secret); … } } return new Interface(); } secret = “1234” api = win.getPublicInterface() api.foo(secret, …) ProviderIntegrator

24 Related Work MashupOS (Wang et al, SOSP 07) SMash (Keukelaere WWW 07) Google’s Caja

25 Conclusion OMash a new browser security model – Allows flexible trust relation – Simple – Familiar, easy to understand Don’t rely on Same Origin Policy – Prevent CSRF attacks – Allows programmers to define “Same Origin” flexibly based on shared secrets

Download ppt "OMash: Enabling Secure Web Mashups via Object Abstractions Steven Crites, Francis Hsu, Hao Chen UC Davis."

Similar presentations

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
By Loukik Purohit & Rohit Ghatol

By Loukik Purohit & Rohit Ghatol
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.
Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.

Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.
1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America.

1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America.
17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.

17 th ACM CCS (October, 2010).  Introduction  Threat Model  Cross-Origin CSS Attacks  Example Attacks  Defenses  Experiment  Related Work 2 A Presentation.
EECS 354 Network Security Cross Site Scripting (XSS)

EECS 354 Network Security Cross Site Scripting (XSS)
Redefining Web Browser Principals with a Configurable Origin Policy Yinzhi Cao, Vaibhav Rastogi, Zhichun Li†, Yan Chen and Alexander Moshchuk†† Northwestern.

Redefining Web Browser Principals with a Configurable Origin Policy Yinzhi Cao, Vaibhav Rastogi, Zhichun Li†, Yan Chen and Alexander Moshchuk†† Northwestern.
On the Incoherencies in Web Browser Access Control Policies Authors: Kapil Singh, et al Presented by Yi Yang.

On the Incoherencies in Web Browser Access Control Policies Authors: Kapil Singh, et al Presented by Yi Yang.
Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.

Dynamic Pharming Attacks and Locked Same-Origin Policies For Web Browsers Chris Karlof, J.D. Tygar, David Wagner, Umesh Shankar.
Privacy-Preserving Browser-Side Scripting With BFlow Alexander Yip, Neha Narula, Maxwell Krohn, Robert Morris Massachusetts Institute of Technology.

Privacy-Preserving Browser-Side Scripting With BFlow Alexander Yip, Neha Narula, Maxwell Krohn, Robert Morris Massachusetts Institute of Technology.
Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
1 A Privacy-Preserving Defense Mechanism Against Request Forgery Attacks Ben S. Y. Fung and Patrick P. C. Lee The Chinese University of Hong Kong TrustCom’11.

1 A Privacy-Preserving Defense Mechanism Against Request Forgery Attacks Ben S. Y. Fung and Patrick P. C. Lee The Chinese University of Hong Kong TrustCom’11.
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
Best and Worst Practices Building RIA from Adobe and Microsoft.

Best and Worst Practices Building RIA from Adobe and Microsoft.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.

1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.
Redefining Web Browser Principals with a Configurable Origin Policy Yinzhi Cao, Vaibhav Rastogi, Zhichun Li†, Yan Chen and Alexander Moshchuk†† Northwestern.

Redefining Web Browser Principals with a Configurable Origin Policy Yinzhi Cao, Vaibhav Rastogi, Zhichun Li†, Yan Chen and Alexander Moshchuk†† Northwestern.
Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:

Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:
Subspace: Secure Cross-Domain Communication for Web Mashups In Proceedings of the 16th International World Wide Web Conference. (WWW), 2007 Collin Jackson,

Subspace: Secure Cross-Domain Communication for Web Mashups In Proceedings of the 16th International World Wide Web Conference. (WWW), 2007 Collin Jackson,

Similar presentations

Ads by Google