You Can't Be Me: Enabling Trusted Paths and User Sub-origins in Web Browsers

Once a web application authenticates a user, it loosely associates all resources owned by that user with the web session it establishes. Consequently, any script injected into the victim's web session gains unfettered access to user-owned resources, including scripts that carry out malicious activity inside the web application. In this paper, we establish the first explicit notion of user sub-origins to defeat such attempts. Based on this notion, we propose a new solution called UserPath to establish an end-to-end trusted path between web application users and web servers. To evaluate our solution, we implement a prototype in Chromium and retrofit it to 20 popular web applications. UserPath reduces the size of the client-side TCB that has access to user-owned resources by 8x to 264x, with small developer effort.
