Presentation is loading. Please wait.

Presentation is loading. Please wait.

On the Incoherencies in Web Browser Access Control Policies Authors: Kapil Singh, et al Presented by Yi Yang.

Published byAshlie Woods Modified over 9 years ago

Similar presentations

Presentation on theme: "On the Incoherencies in Web Browser Access Control Policies Authors: Kapil Singh, et al Presented by Yi Yang."— Presentation transcript:

1 On the Incoherencies in Web Browser Access Control Policies Authors: Kapil Singh, et al Presented by Yi Yang

2 Outline Introduction Analysis of browser access control incoherencies WebAnalyzer Measurement Framework Experimental Results Related work & Discussion & Limitations Conclusions

3 Major Access Control Flaws Inconsistent principal labeling Inappropriate handling of principal label changes Disregard of the user principal

4 What is a Principal In the Web environment, principal=domain? Principal and domain are interchangeable. H. Wang, et.al (SOSP’07) Different labeling for resources. for the DOM (memory) resource, a principal is labeled by ; for the cookie resource, a principal is labeled by.

5 document.domain Gets/sets the domain of the current document. Eg. a script in the document at x.a.com/index.html executes document.domain = “a.com”. After that statement executes, the page would pass the origin check with a.com/index.html. However, a.com cannot set document.domain to b.com

6 Review of Access Control Flaws Inconsistent principal labeling Inappropriate handling of principal label changes: Disregard the “effective” principle IDs set by document.domain. Disregard of the user principal eg. clipboard, geolocation, user actions, etc

7 Contributions Principal-driven analysis of access control incoherencies in today’s browsers. User principal concept for the browser setting. Compatibility measurement framework----WebAnalyzer. Measurements on the compatibility cost of coherent access control policies.

8 II. Analysis of Browser Access Control Incoherencies Methodology Browser Resources The Interplay of the Resources Effective Principal ID The User Principal

9 Methodology Each shared browser resource should have a principal definition and have an access control policy. For each non-shared browser resource, the resource should have an owner principal with a specific label or be globally accessible. When two resources interplay, both resources should have the same principal definition. All access control policies must consider the runtime label of the principals, namely, the “effective” principal ID. The user principal’s resources should not be accessible by web applications.

10 Manual Analysis Process

11 Browser Resources

12 Browser Resources (cont.)

13 Interplay of the Resources DOM and Cookies Cookies and XMLHttpRequest DOM and Display

14 eg. DOM and Cookie

15 Effective Principal ID Browsers allow cross-principal sharing for “related” sites by allowing sites to change their principal ID via the document.domain property. Cookie, XMLHttpRequest, postMessage, etc

16 Cookie

17 XMLHttpRequest

18 postMessage

19 The User Principal User actions back(), forward(), history Browser UI moveTo(), resizeTo(), etc User-private State Geolocation is one of the latest browser features. Geolocation dialog is active for only one origin at a time. DOS attack

20 WebAnalyzer Measurement Framework Crawl the web to look for prevalence of unsafe browser features on existing web pages. IE WA, a specially instrumented version of IE, provides dynamic mediation for all browser resources, and detects when a resource invocation matches one of preset policy rules.

21 Measurement Framework

22 heuristics-driven automated crawling It’s hard to fully study all possible website features. Simple heuristics to simulate user interaction. find and click at most 5 random links; produce 5 random navigation events; check search form, fill it and submit it.

23 IV. Experimental Results Experimental Goal: study the prevalence of unsafe browser features on a large set of popular website. Overview 100,000 most popular websites ranked by Alexa, 89,222 websites are available. Cost of removing a feature to be the number of Alexa-ranked, top 100,000 sites that use the feature.

24 Interplay of browser resources summary of display

25 Changing effective Principal ID Summary: while disallowing document.domain completely carries a substantial cost (1.9% of sites), browsers can eliminate its impact on XMLHttpRequest, local storage, and postMessage at a much lower cost.

26 Resources belonging to the user principal Overall, we found that 12 of the 16 user-principal APIs we examined can be removed while collectively affecting only 0.80% of unique sites.

27 Unsafe features & site popularity

28 Compared with user driven analysis

29 V. Discussion & Limitations Benefits of heuristics-driven automated crawling. Limits of automated crawler-based measurements. Picking the right browser. Studying other web segments.

30 VI. Related Work Previous work has looked at weaknesses in cross-frame communication mechanisms, client-side browser state, cookie path protection, display protection, and other issues. DOM access checker is a tool designed to automatically validate numerous aspects of domain security policy enforcement to detect common security attacks or information disclosure vectors. Browserscope is a community-driven project for tracking browser functionality. Its security test suite checks whether new browser security features are implemented by a browser.

31 VII. Conclusions incoherencies in access control policies user principal measured the cost of removing unsafe policies

32 Thanks

Download ppt "On the Incoherencies in Web Browser Access Control Policies Authors: Kapil Singh, et al Presented by Yi Yang."

Similar presentations

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.
Towards Self-Testing in Autonomic Computing Systems Tariq M. King, Djuradj Babich, Jonatan Alava, and Peter J. Clarke Software Testing Research Group Florida.

Towards Self-Testing in Autonomic Computing Systems Tariq M. King, Djuradj Babich, Jonatan Alava, and Peter J. Clarke Software Testing Research Group Florida.
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
A Crawler-based Study of Spyware on the Web Author: Alexander Moshchuk, Tanya Bragin, Steven D.Gribble, Henry M.Levy Presented At: NDSS, 2006 Prepared.

A Crawler-based Study of Spyware on the Web Author: Alexander Moshchuk, Tanya Bragin, Steven D.Gribble, Henry M.Levy Presented At: NDSS, 2006 Prepared.
T-FLEX DOCs PLM, Document and Workflow Management.

T-FLEX DOCs PLM, Document and Workflow Management.
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?
Web Page Behavior IS 373—Web Standards Todd Will.

Web Page Behavior IS 373—Web Standards Todd Will.
1 State-Based Testing of Ajax Web Applications A. Marchetto, P. Tonella and F. Ricca CMSC737 Spring 2008 Shashvat A Thakor.

1 State-Based Testing of Ajax Web Applications A. Marchetto, P. Tonella and F. Ricca CMSC737 Spring 2008 Shashvat A Thakor.
XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.

XP Tutorial 9 New Perspectives on JavaScript, Comprehensive1 Working with Cookies Managing Data in a Web Site Using JavaScript Cookies.
1 Detecting Logic Vulnerabilities in E- Commerce Applications Presenter: Liu Yin Slides Adapted from Fangqi Sun Computer Science Department College of.

1 Detecting Logic Vulnerabilities in E- Commerce Applications Presenter: Liu Yin Slides Adapted from Fangqi Sun Computer Science Department College of.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Software Distribution in Microsoft System Center Configuration Manager v.Next: Part 1.

Software Distribution in Microsoft System Center Configuration Manager v.Next: Part 1.
Authors: Mona Gandhi, Markus Jakobsson, Jacob Ratkiewicz (Indiana University at Bloomington) Presented By: Lakshmy Mohanan.

Authors: Mona Gandhi, Markus Jakobsson, Jacob Ratkiewicz (Indiana University at Bloomington) Presented By: Lakshmy Mohanan.
From Desktop to Wearable to Testing Belgium Testing Days 2015 Alfonso Nocella, Maveryx.

From Desktop to Wearable to Testing Belgium Testing Days 2015 Alfonso Nocella, Maveryx.
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:

Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:

Similar presentations

Ads by Google