Protecting sensitive web content from client-side vulnerabilities with CRYPTONS

Web browsers isolate web origins, but do not provide direct abstractions to isolate sensitive data and control computation over it within the same origin. As a result, guaranteeing security of sensitive web content requires trusting all code in the browser and client-side applications to be vulnerability-free. In this paper, we propose a new abstraction, called Crypton, which supports intra-origin control over sensitive data throughout its life cycle. To securely enforce the semantics of Cryptons, we develop a standalone component called Crypton-Kernel, which extensively leverages the functionality of existing web browsers without relying on their large TCB. Our evaluation demonstrates that the Crypton abstraction supported by the Crypton-Kernel is widely applicable to popular real-world applications with millions of users, including webmail, chat, blog applications, and Alexa Top 50 websites, with low performance overhead.

[1]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[2]  P. S. Tasker,et al.  DEPARTMENT OF DEFENSE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA , 1985 .

[3]  John M. Boone,et al.  INTEGRITY-ORIENTED CONTROL OBJECTIVES: PROPOSED REVISIONS TO THE TRUSTED COMPUTER SYSTEM EVALUATION CRITERIA (TCSEC), DoD 5200.28-STD , 1991 .

[4]  Robert Wahbe,et al.  Efficient software-based fault isolation , 1994, SOSP '93.

[5]  Dan Boneh,et al.  Architectural support for copy and tamper resistant software , 2000, SIGP.

[6]  Martin P. Clark Appendix 4: Internet Engineering Task Force (IETF) Request for Comment (RFC) Listing , 2003 .

[7]  Dan Boneh,et al.  Architectural Support For Copy And Tamper-Resistant Software PhD Thesis , 2003 .

[8]  David Brumley,et al.  Privtrans: Automatically Partitioning Programs for Privilege Separation , 2004, USENIX Security Symposium.

[9]  Sean W. Smith,et al.  Trusted paths for browsers , 2002, TSEC.

[10]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[11]  Steven D. Gribble,et al.  A safety-oriented platform for Web applications , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[12]  Christopher Krügel,et al.  Cross Site Scripting Prevention with Dynamic Data Tainting and Static Analysis , 2007, NDSS.

[13]  Prateek Saxena Static Binary Analysis and Transformation fo Sandboxing Untrusted Plugins , 2007 .

[14]  Lorrie Faith Cranor,et al.  Cantina: a content-based approach to detecting phishing web sites , 2007, WWW '07.

[15]  Niels Provos,et al.  A framework for detection and measurement of phishing attacks , 2007, WORM '07.

[16]  Cong Nie Dynamic Root of Trust in Trusted Computing , 2007 .

[17]  Desney S. Tan,et al.  An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks , 2007, Financial Cryptography.

[18]  Mark Handley,et al.  Wedge: Splitting Applications into Reduced-Privilege Compartments , 2008, NSDI.

[19]  Adrian Perrig,et al.  Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing , 2008, USENIX Annual Technical Conference.

[20]  P. Saxena,et al.  A Practical Technique for Containment of Untrusted Plug-ins , 2008 .

[21]  R. Sekar,et al.  Efficient fine-grained binary instrumentationwith applications to taint-tracking , 2008, CGO '08.

[22]  Zhenkai Liang,et al.  BitBlaze: A New Approach to Computer Security via Binary Analysis , 2008, ICISS.

[23]  R. Sekar,et al.  On the Limits of Information Flow Techniques for Malware Analysis and Containment , 2008, DIMVA.

[24]  Hao Chen,et al.  OMash: enabling secure web mashups via object abstractions , 2008, CCS.

[25]  Haining Wang,et al.  Anti-Phishing in Offense and Defense , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[26]  Stephen McCamant,et al.  Loop-extended symbolic execution on binary programs , 2009, ISSTA.

[27]  Michael K. Reiter,et al.  Safe Passage for Passwords and Other Sensitive Data , 2009, NDSS.

[28]  Is it too late for PAKE ? , 2009 .

[29]  Adam Barth,et al.  The Security Architecture of the Chromium Browser , 2009 .

[30]  Helen J. Wang,et al.  The Multi-Principal OS Construction of the Gazelle Web Browser , 2009, USENIX Security Symposium.

[31]  Dawn Xiaodong Song,et al.  Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense , 2009, NDSS.

[32]  Markus Dürmuth,et al.  A Provably Secure and Efficient Countermeasure against Timing Attacks , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[33]  Kevin Borders,et al.  Protecting Confidential Data on Personal Computers with Storage Capsules , 2009, USENIX Security Symposium.

[34]  P. Saxena,et al.  The Emperor ’ s New APIs : On the ( In ) Secure Usage of New Client-side Primitives , 2010 .

[35]  Steve Hanna,et al.  A Symbolic Execution Framework for JavaScript , 2010, 2010 IEEE Symposium on Security and Privacy.

[36]  Samuel T. King,et al.  Trust and Protection in the Illinois Browser Operating System , 2010, OSDI.

[37]  Steve Hanna,et al.  FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich Web Applications , 2010, NDSS.

[38]  Christopher Krügel,et al.  A solution for the automated detection of clickjacking attacks , 2010, ASIACCS '10.

[39]  Trent Jaeger,et al.  An architecture for enforcing end-to-end access control over web applications , 2010, SACMAT '10.

[40]  Wenliang Du,et al.  ESCUDO: A Fine-Grained Protection Model for Web Browsers , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.

[41]  Rui Wang,et al.  Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow , 2010, 2010 IEEE Symposium on Security and Privacy.

[42]  Adam Barth,et al.  Protecting Browsers from Extension Vulnerabilities , 2010, NDSS.

[43]  Benjamin Livshits,et al.  ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser , 2010, 2010 IEEE Symposium on Security and Privacy.

[44]  V. N. Venkatakrishnan,et al.  AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements , 2010, USENIX Security Symposium.

[45]  Yuchen Zhou,et al.  Protecting Private Web Content from Embedded Scripts , 2011, ESORICS.

[46]  Alan O. Freier,et al.  Internet Engineering Task Force (ietf) the Secure Sockets Layer (ssl) Protocol Version 3.0 , 2022 .

[47]  Zhenkai Liang,et al.  AdSentry: comprehensive and flexible confinement of JavaScript-based advertisements , 2011, ACSAC '11.

[48]  Eric Yawei Chen,et al.  App isolation: get the security of multiple browsers with just one , 2011, CCS '11.

[49]  Samuel T. King,et al.  Designing and Implementing the OP and OP2 Web Browsers , 2011, TWEB.

[50]  Wenliang Du,et al.  Contego: Capability-Based Access Control for Web Browsers - (Short Paper) , 2011, TRUST.

[51]  Dawn Xiaodong Song,et al.  A Systematic Analysis of XSS Sanitization in Web Application Frameworks , 2011, ESORICS.

[52]  Elaine Shi,et al.  Do You Know Where Your Data Are? Secure Data Capsules for Deployable Data Protection , 2011, HotOS.

[53]  Zhenkai Liang,et al.  Towards Fine-Grained Access Control in JavaScript Contexts , 2011, 2011 31st International Conference on Distributed Computing Systems.

[54]  Michael K. Reiter,et al.  Usability Testing a Malware-Resistant Input Mechanism , 2011, NDSS.

[55]  Helen J. Wang,et al.  Clickjacking: Attacks and Defenses , 2012, USENIX Security Symposium.

[56]  Yang Tang,et al.  CleanOS: Limiting Mobile Data Exposure with Idle Eviction , 2012, OSDI.

[57]  Krishna P. Gummadi,et al.  Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services , 2012, USENIX Security Symposium.

[58]  Dawn Xiaodong Song,et al.  Privilege Separation in HTML5 Applications , 2012, USENIX Security Symposium.

[59]  David A. Wagner,et al.  An Evaluation of the Google Chrome Extension Security Architecture , 2012, USENIX Security Symposium.

[60]  E. Chen,et al.  Self-Exfiltration : The Dangers of Browser-Enforced Information Flow Control , 2012 .

[61]  Frank Stajano,et al.  The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes , 2012, 2012 IEEE Symposium on Security and Privacy.

[62]  Xuhua Ding,et al.  Virtualization Based Password Protection against Malware in Untrusted Operating Systems , 2012, TRUST.

[63]  Ruby B. Lee,et al.  A software-hardware architecture for self-protecting data , 2012, CCS.

[64]  Dan Boneh,et al.  Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks , 2012, USENIX Security Symposium.

[65]  Helen J. Wang,et al.  User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems , 2012, 2012 IEEE Symposium on Security and Privacy.

[66]  James Newsome,et al.  Building Verifiable Trusted Path on Commodity x86 Computers , 2012, 2012 IEEE Symposium on Security and Privacy.

[67]  Zhenkai Liang,et al.  A Quantitative Evaluation of Privilege Separation in Web Browser Designs , 2013, ESORICS.