Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

Published byCamilla Willis Modified over 9 years ago

Similar presentations

Presentation on theme: "The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology."— Presentation transcript:

1 The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology

2 Web Browsers Today One of the most popular application platforms – Easy to deploy and access – Almost anything available as a web app – Including very sensitive content (e.g., banking, email, passwords, health care) Security built in – E.g., website cannot steal locally stored photos – Achieved through, e.g., same-origin policy (SOP) – User does not need to worry about this

3 Browser Extensions Users want more functionality – Customize websites: content, behavior and display – New functionality for websites – Change browser Browsers provide extension systems

4 Extension Security Extensions are meant to interact with websites – Challenging for user privacy and security Firefox – Extensions are powerful Can change almost any aspect (and run native code) – Can be installed from anywhere – Web store: static analysis and human review

5 Chrome Extension Security Split into extensions and plugins Plugins: native code – Flash, Java, PDF, Silverlight – Require manual review Extensions: JavaScript based – Vast majority are in this category – Extension can only be installed from Chrome Web Store

6 Chrome Extension Architecture Content Script Extension Core History Tabs DOM Process Boundary Isolated worlds

7 Chrome Threat Model Extensions are benign-but-buggy – Protect extensions from websites Principle of least privilege – Extensions ask for permissions – Typically asked for at install time

8 Permissions of Top 500 Extensions 71.6% can “Read and modify all your data on all websites you visit”

9 Permissions are Meaningless

10 Problems Permissions are broad and vague; without context Users desensitized to permission requests Incentives for developers to asks for too many permissions – Adding permissions later requires user action Attacker model assumes extensions to be benign

11 Attacks in the Wild Google recently removed ~200 malicious extensions [Oakland’15] – 5% of unique IPs accessing Google had at least one malicious extension – Some injected ads, others steal personal information Popular extension developers get contacted to sell extension – And then update with malicious code

12 New Extension System: Goals 1.Handle mutually distrusting code – Extensions are protected from websites – Sensitive (website) user data is protected from extensions Attacker executes arbitrary extension to leak user data 2.Provide a meaningful permission system – Safe behavior should not require permission – Permissions should be fine-grained and content- specific 3.Incentivize safety – Many extensions should not require permissions

13 Preliminary Design Reading sensitive data is safe – if not disseminated arbitrarily Mandatory access control (MAC) confinement – Track sensitivity of information through application Proposal: use coarse-grained confinement system like COWL [OSDI’14]

14 Example: Google Mail Checker Extension reads unread count from gmail – Gets tainted with mail.google.com – No further communication with evil.com allowed Not all extensions are this simple – Need richer extension APIs

15 Explicit Sharing Some users want to leak information – Save snippet to Evernote – Share webpage to Pintrest Forbidden according to MAC – Corresponds to information declassification Leverage user intent with a sharing API – Trusted UI, e.g. “Share with …” context menu

16 Encrypted Sharing System allows labeled values – Can freely be passed, only tainted when inspected Encryption API takes labeled value, returns unlabeled encrypted value – Can now be freely shared, e.g. sync to other device Secure LastPass-style password manager – Cloud only sees encrypted values, user controls master key – When decrypted, passwords cannot leave browser due to MAC

17 More APIs Declarative CSS API – Change the display of a website Networking API – E.g., to block undesired requests (AdBlock) DOM access – Isolate extension from website using shadow DOM

18 Safe by Default When a large class of extensions can be written safely without permissions, warnings can become meaningful again

19 Conclusion Extensions most dangerous to user privacy – This need not be! Strong guarantees of MAC-based confinement system allow many extensions to be safe Meaningful permissions/warnings otherwise – Fine-grained and content specific, at runtime

20 Questions? Thank you :-)

Download ppt "The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology."

Similar presentations

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.

ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.
Chrome Extentions Vulnerabilities. Introduction Google Chrome Browser Chrome OS Platform Chrome Web Store Applications Open Source Platform.

Chrome Extentions Vulnerabilities. Introduction Google Chrome Browser Chrome OS Platform Chrome Web Store Applications Open Source Platform.
Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.

Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.
Hulk: Eliciting Malicious Behavior in Browser Extensions

Hulk: Eliciting Malicious Behavior in Browser Extensions
張逸文 P ROTECTING B ROWSERS FROM E XTENSION V ULNERABILITIES NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt, University of.

張逸文 P ROTECTING B ROWSERS FROM E XTENSION V ULNERABILITIES NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt, University of.
Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)

Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.

Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
Securing Interaction for Sites, Apps and Extensions in the Browser Brad Miller J. D. Tygar.

Securing Interaction for Sites, Apps and Extensions in the Browser Brad Miller J. D. Tygar.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
My First Building Block Presented By Tracy Engwirda 28 September, 2005.

My First Building Block Presented By Tracy Engwirda 28 September, 2005.
IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo.

IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo.
Privacy-Preserving Browser-Side Scripting With BFlow Alexander Yip, Neha Narula, Maxwell Krohn, Robert Morris Massachusetts Institute of Technology.

Privacy-Preserving Browser-Side Scripting With BFlow Alexander Yip, Neha Narula, Maxwell Krohn, Robert Morris Massachusetts Institute of Technology.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.

The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Part or all of this lesson was adapted from the University of Washington’s “Web Design & Development I” Course materials.

Part or all of this lesson was adapted from the University of Washington’s “Web Design & Development I” Course materials.
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.

1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.

Similar presentations

Ads by Google