Yip, X. Wang, N. Zeldovich, M. F. Kaashoek MIT CSAIL Reading Group by Theo 06 Oct 2009.

• High-level vulnerabilities are quite common
• Simple solution: insert the necessary checks everywhere they are needed
• Not as easy as it seems: it is very hard for the programmer to correctly identify where each check needs to be

• HotCRP password leakage
  ◦ Password reminder option
  ◦ Simple rule: the password must be sent to its owner only
  ◦ But you also have preview mode
• Cross-site scripting
  ◦ The server should never send unsanitized user-supplied input in a response; input must not contain valid JavaScript
  ◦ Simple logic: sanitize all user input
• You did remember to check the whois response, right?
  ◦ PHPMyAdmin must check input in 1,409 locations

• Data are automatically assigned policy objects (metadata)
  ◦ E.g., trusted, user-supplied, private
• Policy objects are automatically propagated according to specified rules (propagation handlers)
• Before leaving the system, policy objects must pass through filter objects (syscall handlers)
  ◦ E.g., going to SQL, to the user, to disk
  ◦ An exception is thrown on disallowed actions

• Motivation
• Resin
  ◦ Policy Objects
  ◦ Filter Objects
  ◦ Persistent Policies
• Evaluation
  ◦ Vulnerabilities Detected
  ◦ Microbenchmark Overheads

• DIFT (dynamic information flow tracking) tool running inside high-level interpreted languages
  ◦ PHP, Python, etc.
  ◦ The interpreter, server and O/S are trusted
• Resin cannot protect against attacks targeting the O/S etc.
• Consider Resin an object-oriented lifeguard platform
  ◦ Metadata are classes that carry methods describing how they are propagated and checked
  ◦ Resin defines the interface and the default actions

[Diagram: the language runtime boundary. The password SecretPass, read from SQL and tagged with a Password Policy "associated with password characters only", flows into the message "Your password is: SecretPass" and keeps its policy. The message leaves either through a Sendmail pipe to user u or through an HTTP connection to user w; each boundary has its own filter context (Context Type for the Sendmail pipe; Context Type: HTTP, user w).]

• Policy Objects
  ◦ Mark data as private, secure, user-input, etc.
• Filter Objects
  ◦ Associated with runtime border objects: pipes, connections, etc.
  ◦ Can also sit at function borders
  ◦ Automatically associated with a context: what kind of connection, and to whom

• Associated with primitive data
  ◦ int, char, ..., but not String, int[], ...
  ◦ A datum may be associated with multiple policies
• Implement export_check(context)
  ◦ Called automatically by the filter object, which provides the context
  ◦ Usually either does nothing (approve) or throws an exception (block)

    class PasswordPolicy extends Policy {
        private $___;                          // field name left blank on the slide
        function __construct($___) {
            $this->___ = $___;
        }
        function export_check($context) {
            // approve only when the data is going to the right kind of
            // destination, and to the owner recorded in the policy
            if ($context['type'] == '___' && $context['___'] == $this->___)
                return;
            throw new Exception('unauthorized disclosure');
        }
    }
    policy_add($password, new ___);            // slide cuts off here

• What happens if at least one input of a binary operation has a policy object?
• Default action: union
• A policy that wants to change this must implement merge(policySet)
  ◦ Automatically called, if implemented, for each policy associated with each source operand
  ◦ Input: all the policies of the other source operand
  ◦ Returns the desired new policy set, or throws an exception
  ◦ Final set = union of all returns from all merges
• Example: trusted iff all inputs are trusted (intersection)

• Automatically at runtime boundaries
  ◦ Pipes to SQL or Sendmail, HTTP to users
• Manually at specific functions
  ◦ E.g., before a signer, to remove the Secret policy from the signature
• Default behavior: call every export_check it sees
  ◦ Passes this filter's context
  ◦ If there is no export_check, approve the data flow
• The default behavior can be overridden
  ◦ E.g., block the flow of any data not associated with TrustedByRootPolicy
  ◦ Prevents server-side script injection

    class DefaultFilter(Filter):
        def __init__(self):
            # context describes the boundary: kind of connection, and to whom
            self.context = {}

        def filter_write(self, buf):
            # ask every policy attached to the outgoing data; a policy blocks
            # the flow by raising, otherwise the data passes through unchanged
            for p in policy_get(buf):
                if hasattr(p, 'export_check'):
                    p.export_check(self.context)
            return buf
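To make the policy-object, merge and filter-object slides above concrete, here is an added Python model (not Resin's own code, and not the PHP prototype the talk describes). It keeps a policy set on a string wrapper, implements the default union propagation together with a merge() override that gives the "trusted iff all inputs trusted" intersection, and runs a filter object with a context at the boundary. Tracked, policy_add/policy_get, DefaultFilter and the context keys 'type' and 'email' are assumptions of this model, not Resin's real API.

```python
# Added example, not Resin's own code: a small Python model of the mechanisms on
# the preceding slides (policy objects with export_check, union propagation with
# a merge() override, and a filter object that checks data at a runtime boundary).
# Tracked, policy_add/policy_get, DefaultFilter and the context keys 'type' and
# 'email' are assumptions of this model, not Resin's real API.


class Policy:
    """Base policy: export_check either returns (approve) or raises (block)."""
    def export_check(self, context):
        return


class PasswordPolicy(Policy):
    """A password may only leave through an e-mail connection to its owner."""
    def __init__(self, email):
        self.email = email

    def export_check(self, context):
        if context.get('type') == 'email' and context.get('email') == self.email:
            return
        raise Exception('unauthorized disclosure')


class TrustedPolicy(Policy):
    """Trusted iff all inputs are trusted: an intersection rather than a union."""
    def merge(self, other_policies):
        # Called with the policies of the other operand; the returned set is
        # added to the result (policies without merge() are unioned in as-is).
        if any(isinstance(p, TrustedPolicy) for p in other_policies):
            return {self}
        return set()


class Tracked:
    """A string carrying a policy set, standing in for Resin's per-character tags."""
    def __init__(self, value, policies=()):
        self.value = value
        self.policies = set(policies)

    def __add__(self, other):
        # Binary operation on tracked data: propagate policies from both operands.
        other_ps = other.policies if isinstance(other, Tracked) else set()
        other_val = other.value if isinstance(other, Tracked) else other
        result = set()
        for mine, theirs in ((self.policies, other_ps), (other_ps, self.policies)):
            for p in mine:
                result |= p.merge(theirs) if hasattr(p, 'merge') else {p}
        return Tracked(self.value + other_val, result)


def policy_add(data, policy):
    data.policies.add(policy)
    return data


def policy_get(data):
    return set(data.policies) if isinstance(data, Tracked) else set()


class DefaultFilter:
    """Filter object at a runtime boundary; the context says where data is going."""
    def __init__(self, context):
        self.context = dict(context)

    def filter_write(self, buf):
        for p in policy_get(buf):
            if hasattr(p, 'export_check'):
                p.export_check(self.context)   # raises to block the flow
        return buf.value if isinstance(buf, Tracked) else buf


def is_trusted(data):
    return any(isinstance(p, TrustedPolicy) for p in policy_get(data))


def try_export(data, context):
    """Return the exported string, or 'BLOCKED: ...' when a policy objects."""
    try:
        return DefaultFilter(context).filter_write(data)
    except Exception as e:
        return 'BLOCKED: %s' % e


if __name__ == '__main__':
    # Constructed sample: the password reminder flow from the HotCRP slide.
    pw = policy_add(Tracked('s3cret'), PasswordPolicy('u@example.com'))
    reminder = Tracked('Your password is: ') + pw      # policy follows the data
    print(try_export(reminder, {'type': 'email', 'email': 'u@example.com'}))
    print(try_export(reminder, {'type': 'email', 'email': 'w@example.com'}))
    print(try_export(reminder, {'type': 'http', 'user': 'w'}))   # preview mode
    query = Tracked('SELECT * FROM t WHERE id=', [TrustedPolicy()])
    print(is_trusted(query + Tracked('1', [TrustedPolicy()])))   # True
    print(is_trusted(query + Tracked('1 OR 1=1')))                # False
```

The preview-mode case is the HotCRP bug from the motivation slide: the reminder text is built correctly, but the filter on the HTTP connection sees the PasswordPolicy still attached and refuses the export, so the check lives in one place instead of at every call site that renders the message.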

• Persistent I/O is rewritten on the fly by filter objects
  ◦ Disk, SQL
  ◦ Disk I/O automatically reads/writes policies in the file's extended attributes
  ◦ SQL queries are rewritten to query/update policies
    ▪ Modified: CREATE TABLE, SELECT, UPDATE, etc.
• Resin stores only the names of policies and their private data, not the binary implementation
  ◦ The implementation can change easily
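As an added illustration of the SQL side of persistent policies (this is my own model, not Resin's query rewriter), the following Python gives every data column a shadow column that stores the policy names and their private fields as JSON, rewrites CREATE TABLE, INSERT and SELECT to carry that column, and re-attaches policies on read by looking the class up by name. sqlite3 stands in for the database; the '__policy' suffix, PolicyStore and the users/name/password names are constructed for this example.

```python
# Added example, not Resin's own code: models how policies persist through SQL.
# Each data column gets a shadow column holding the policy names and their
# private fields (not code); CREATE TABLE / INSERT / SELECT are rewritten to
# carry it, and the policies are re-attached on read. sqlite3 stands in for the
# database; the '__policy' suffix, PolicyStore and the table/column names are
# constructed for this model.
import json
import re
import sqlite3

POLICY_SUFFIX = '__policy'


class PasswordPolicy:
    """Stand-in policy whose only private data is the owner's e-mail address."""
    def __init__(self, email):
        self.email = email


# Policies are looked up by name on read, so their implementation may change
# between the time data is written and the time it is read back.
POLICY_CLASSES = {'PasswordPolicy': PasswordPolicy}


def serialize_policies(policies):
    return json.dumps([dict(vars(p), **{'class': p.__class__.__name__}) for p in policies])


def deserialize_policies(text):
    out = []
    for rec in json.loads(text):
        cls = POLICY_CLASSES[rec.pop('class')]
        out.append(cls(**rec))
    return out


def _ident(name):
    # Identifiers are spliced into SQL text, so allow only plain names.
    if not re.fullmatch(r'[A-Za-z_]\w*', name):
        raise ValueError('bad SQL identifier: %r' % name)
    return name


def _with_shadow(columns):
    names = []
    for c in columns:
        names += [_ident(c), _ident(c) + POLICY_SUFFIX]
    return names


def rewrite_create(table, columns):
    cols = ', '.join('%s TEXT' % n for n in _with_shadow(columns))
    return 'CREATE TABLE %s (%s)' % (_ident(table), cols)


def rewrite_insert(table, columns):
    names = _with_shadow(columns)
    return 'INSERT INTO %s (%s) VALUES (%s)' % (
        _ident(table), ', '.join(names), ', '.join('?' * len(names)))


def rewrite_select(table, columns):
    return 'SELECT %s FROM %s' % (', '.join(_with_shadow(columns)), _ident(table))


class PolicyStore:
    """Filter on the SQL pipe: writes policies beside the data and reads them back."""
    def __init__(self):
        self.db = sqlite3.connect(':memory:')

    def create_table(self, table, columns):
        self.db.execute(rewrite_create(table, columns))

    def insert(self, table, columns, row):
        # row: one (value, [policies]) pair per column
        params = []
        for value, policies in row:
            params += [value, serialize_policies(policies)]
        self.db.execute(rewrite_insert(table, columns), params)

    def select(self, table, columns):
        rows = []
        for rec in self.db.execute(rewrite_select(table, columns)):
            rows.append([(rec[i], deserialize_policies(rec[i + 1]))
                         for i in range(0, len(rec), 2)])
        return rows


if __name__ == '__main__':
    store = PolicyStore()
    store.create_table('users', ['name', 'password'])
    store.insert('users', ['name', 'password'],
                 [('alice', []), ('s3cret', [PasswordPolicy('alice@example.com')])])
    for row in store.select('users', ['name', 'password']):
        print([(v, [vars(p) for p in ps]) for v, ps in row])
```

Because a row and its shadow columns live in the same record, a DELETE needs no rewriting at all (the slide's "delete just drops the line"); the identifier check in _ident is there because the rewriter builds query text from names, which is exactly the kind of place where untrusted input must not reach.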

• Motivation
• Resin
  ◦ Policy Objects
  ◦ Filter Objects
  ◦ Persistent Policies
• Evaluation
  ◦ Vulnerabilities Detected
  ◦ Microbenchmark Overheads

• PHP prototype: ~6000 lines of code
  ◦ 2600 for SQL support
  ◦ 1100 for core structures
  ◦ 2200 for propagation and merge int
• Added Resin to real-life apps to catch known and unknown bugs
• Ran microbenchmarks to measure overhead
• Performance numbers for HotCRP (conference management app)
  ◦ 33% overhead (but Resin runs inside the PHP interpreter, not directly in C)
  ◦ 88 ms to display a page instead of 66 ms

• Byte-level policy
• Merging policies
• Overhead is due to (de)serializing policy objects
• Rewriting SQL queries to add/get policies
• Delete just drops the line