On the Incoherencies in Web Browser Access Control Policies. Authors: Kapil Singh et al. Presented by Yi Yang.

Presentation transcript:

On the Incoherencies in Web Browser Access Control Policies. Authors: Kapil Singh et al. Presented by Yi Yang.

Outline
- Introduction
- Analysis of browser access control incoherencies
- WebAnalyzer measurement framework
- Experimental results
- Related work, discussion and limitations
- Conclusions

Major Access Control Flaws
- Inconsistent principal labeling
- Inappropriate handling of principal label changes
- Disregard of the user principal

What is a Principal?
In the Web environment, is principal = domain? Principal and domain are used interchangeably (H. Wang et al., SOSP'07). Different resources label principals differently: for the DOM (memory) resource, a principal is labeled by ; for the cookie resource, a principal is labeled by .

document.domain
Gets/sets the domain of the current document. E.g. a script in the document at x.a.com/index.html executes document.domain = "a.com". After that statement executes, the page would pass the origin check with a.com/index.html. However, a.com cannot set document.domain to b.com.

Review of Access Control Flaws
- Inconsistent principal labeling
- Inappropriate handling of principal label changes: disregarding the "effective" principal IDs set by document.domain
- Disregard of the user principal, e.g. clipboard, geolocation, user actions, etc.

Contributions
- Principal-driven analysis of access control incoherencies in today's browsers
- The user principal concept for the browser setting
- A compatibility measurement framework: WebAnalyzer
- Measurements of the compatibility cost of coherent access control policies

II. Analysis of Browser Access Control Incoherencies
- Methodology
- Browser resources
- The interplay of the resources
- Effective principal ID
- The user principal

Methodology
- Each shared browser resource should have a principal definition and an access control policy.
- Each non-shared browser resource should have an owner principal with a specific label, or be globally accessible.
- When two resources interplay, both resources should have the same principal definition.
- All access control policies must consider the runtime label of the principals, namely the "effective" principal ID.
- The user principal's resources should not be accessible by web applications.

Manual Analysis Process

Browser Resources

Browser Resources (cont.)

Interplay of the Resources
- DOM and cookies
- Cookies and XMLHttpRequest
- DOM and display

E.g. DOM and cookies

Effective Principal ID
Browsers allow cross-principal sharing for "related" sites by letting sites change their principal ID via the document.domain property. Resources affected: cookies, XMLHttpRequest, postMessage, etc.
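The document.domain example above and the "effective principal ID" point, as an added JavaScript model (not browser code and not from the paper or the slides): `parseOrigin`, `setDocumentDomain`, `domAccessAllowed` and `originalLabelAccessAllowed` are assumed helper names, and the last one is a generic stand-in for any resource check that keeps using the original label rather than a claim about a particular browser.

```javascript
// Added model (not browser code, not from the paper) of the document.domain rules above.
// Label a document by the SOP triple plus a not-yet-set effective domain.
function parseOrigin(url) {
  const u = new URL(url);
  const port = u.port || (u.protocol === 'https:' ? '443' : '80');
  return { protocol: u.protocol, host: u.hostname, port, effectiveDomain: null };
}

// document.domain may only be set to the current host or a suffix of it on a
// label boundary; a bare top-level label is rejected (real browsers consult the
// public-suffix list, modelled here by a minimal "must contain a dot" check).
function setDocumentDomain(doc, value) {
  const isSuffix = doc.host === value || doc.host.endsWith('.' + value);
  if (!isSuffix || !value.includes('.')) {
    throw new Error('SecurityError: cannot set document.domain to ' + value);
  }
  return { ...doc, effectiveDomain: value };
}

// DOM access honours the effective principal ID: both documents must have
// opted in with the same document.domain value, or neither must have.
function domAccessAllowed(a, b) {
  if (a.protocol !== b.protocol) return false;
  const aSet = a.effectiveDomain !== null, bSet = b.effectiveDomain !== null;
  if (aSet !== bSet) return false;
  if (aSet) return a.effectiveDomain === b.effectiveDomain;
  return a.host === b.host && a.port === b.port;
}

// A resource check that keeps using the original label: the incoherence the
// slides call "disregard of the effective principal ID", modelled generically.
function originalLabelAccessAllowed(doc, targetUrl) {
  const t = parseOrigin(targetUrl);
  return t.protocol === doc.protocol && t.host === doc.host && t.port === doc.port;
}

// Walk through the slide's scenario: x.a.com relaxes to a.com, then a.com does too.
function demo() {
  let x = parseOrigin('http://x.a.com/index.html');
  let a = parseOrigin('http://a.com/index.html');
  const before = domAccessAllowed(x, a);
  x = setDocumentDomain(x, 'a.com');
  const onlyOneSide = domAccessAllowed(x, a); // a.com has not opted in yet
  a = setDocumentDomain(a, 'a.com');
  const bothSides = domAccessAllowed(x, a);
  const viaOriginalLabel = originalLabelAccessAllowed(x, 'http://a.com/data');
  return { before, onlyOneSide, bothSides, viaOriginalLabel };
}
```

Running `demo()` shows DOM access opening up only after both sides relax, while the original-label check still denies x.a.com access to a.com, which is exactly the inconsistency a coherent policy would have to remove.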

Cookie

XMLHttpRequest

postMessage

The User Principal
- User actions: back(), forward(), history
- Browser UI: moveTo(), resizeTo(), etc.
- User-private state: geolocation is one of the latest browser features. The geolocation dialog is active for only one origin at a time, which allows a DoS attack.

WebAnalyzer Measurement Framework
Crawl the web to look for the prevalence of unsafe browser features on existing web pages. IE-WA, a specially instrumented version of IE, provides dynamic mediation for all browser resources and detects when a resource invocation matches one of the preset policy rules.

Measurement Framework

Heuristics-driven Automated Crawling
It is hard to fully study all possible website features, so simple heuristics simulate user interaction:
- find and click at most 5 random links;
- produce 5 random navigation events;
- check for a search form, fill it in and submit it.

IV. Experimental Results
Experimental goal: study the prevalence of unsafe browser features on a large set of popular websites.
Overview: of the 100,000 most popular websites ranked by Alexa, 89,222 websites were available. The cost of removing a feature is defined as the number of Alexa-ranked top-100,000 sites that use the feature.

Interplay of browser resources: summary of display

Changing the Effective Principal ID
Summary: while disallowing document.domain completely carries a substantial cost (1.9% of sites), browsers can eliminate its impact on XMLHttpRequest, local storage, and postMessage at a much lower cost.

Resources Belonging to the User Principal
Overall, we found that 12 of the 16 user-principal APIs we examined can be removed while collectively affecting only 0.80% of unique sites.

Unsafe features & site popularity

Comparison with user-driven analysis

V. Discussion & Limitations
- Benefits of heuristics-driven automated crawling
- Limits of automated crawler-based measurements
- Picking the right browser
- Studying other web segments

VI. Related Work
Previous work has looked at weaknesses in cross-frame communication mechanisms, client-side browser state, cookie path protection, display protection, and other issues.
DOM Access Checker is a tool designed to automatically validate numerous aspects of domain security policy enforcement, to detect common security attacks or information disclosure vectors.
Browserscope is a community-driven project for tracking browser functionality. Its security test suite checks whether new browser security features are implemented by a browser.

VII. Conclusions
- Incoherencies in access control policies
- The user principal
- Measured the cost of removing unsafe policies

Thanks