论文信息 - Code-Injection Attacks in Browsers Supporting Policies

Code-Injection Attacks in Browsers Supporting Policies

Code-injection attacks can take place in a large variety of layers, from native code to databases and web applications. The latter case involves mainly client-side code injection in the browser environment, also known as Cross-Site Scripting (XSS). There are numerous ways to defeat XSS attacks, from static and taint analysis to policy enforcement in the web browser. In this paper, we enlist new forms of XSS attacks that seek to bypass browser enforced policies. The attacks outlined in this paper resemble the classic return-tolibc attack in native code. We propose a new form of code isolation, based on browser actions, in order to mitigate the problem.

E. Markatos | E. Athanasopoulos | Vasilis Pappas

[1] A. One,et al. Smashing The Stack For Fun And Profit , 1996 .

[2] Chris Anley,et al. Advanced SQL Injection In SQL Server Applications , 2002 .

[3] Jesse James Garrett. Ajax: A New Approach to Web Applications , 2007 .

[4] Michael Hicks,et al. Defeating script injection attacks with browser-enforced embedded policies , 2007, WWW '07.

[5] Hovav Shacham,et al. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) , 2007, CCS '07.

[6] M. Louw,et al. Analysis of Hypertext Isolation Techniques for XSS Prevention , 2008 .

[7] Hao Chen,et al. Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks , 2009, NDSS.

[8] Dawn Xiaodong Song,et al. Secure Content Sniffing for Web Browsers, or How to Stop Papers from Reviewing Themselves , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[9] Dawn Xiaodong Song,et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense , 2009, NDSS.