Virtual browser: a virtualized browser to sandbox third-party JavaScripts with enhanced security

Third-party JavaScript not only brings much richer features to the web and its applications but also introduces new threats. Such scripts cannot be fully trusted, yet they execute with the privileges granted to the host web site. Because of incomplete virtualization and a lack of tracking of all data flows, existing approaches without native sandbox support can secure only a subset of third-party JavaScript, and they are vulnerable to attacks encoded in non-standard HTML/JavaScript (browser quirks), since they parse third-party JavaScript independently on the server side without accounting for non-standard client-side parsing quirks. Native sandboxes, in turn, are vulnerable to attacks that exploit unknown bugs in the native JavaScript engine. In this paper, we propose Virtual Browser, a full browser-level virtualized environment within existing browsers for executing untrusted third-party code. Our approach supports a more complete set of JavaScript language features, including hard-to-secure constructs such as with and eval. Since Virtual Browser does not rely on native browser parsing behavior, there is no way for attacks to be executed through browser quirks. Moreover, because third-party JavaScript runs in Virtual Browser rather than in the native browser, it is harder for attackers to exploit unknown vulnerabilities in the native JavaScript engine. In our design, we first completely isolate Virtual Browser from the native browser components and then introduce communication by adding data flows that are carefully examined for security. The evaluation of the Virtual Browser prototype shows that its execution speed is the same as that of Microsoft Web Sandbox [5], a state-of-the-art runtime web-level sandbox. In addition, Virtual Browser is more secure and supports more complete JavaScript for third-party JavaScript development.
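The design sketched in the abstract, reduced to a runnable illustration: the sandbox never hands untrusted source to the native engine but tokenizes, parses and interprets it itself; eval inside the sandbox re-enters that same interpreter; name lookups resolve only against an isolated scope that contains no window, document or globalThis; and the only channel to the host is an explicit bridge whose arguments and return values are checked so that only primitives cross. This is an added example written for this page, not code from the Virtual Browser prototype. The supported language subset (numbers, strings, assignment, arithmetic, property access, calls), the names createSandbox, SandboxError and host, and the two host functions wired up in the usage note are all assumptions; with, DOM virtualization and the quirk-free HTML parsing the paper describes are not modelled.

```javascript
// Added illustration, not the Virtual Browser paper's code: a JavaScript interpreter written in JavaScript.
// Untrusted source is tokenized, parsed and evaluated here, so the native engine never parses it; eval inside
// the sandbox re-enters this interpreter; the only exit is a host bridge passing primitives. Names are hypothetical.
class SandboxError extends Error {}
const isPrim = (v) => ['number', 'string', 'boolean', 'undefined'].includes(typeof v);
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

function tokenize(src) { // lexer for the subset: numbers, quoted strings, identifiers, a few operators
  const tokens = [];
  for (let i = 0, m; i < src.length; i += m[0].length) {
    const rest = src.slice(i);
    if ((m = /^\s+/.exec(rest))) continue;
    if ((m = /^\d+(?:\.\d+)?/.exec(rest))) tokens.push({ t: 'num', v: Number(m[0]) });
    else if ((m = /^"(?:[^"\\]|\\.)*"|^'(?:[^'\\]|\\.)*'/.exec(rest))) tokens.push({ t: 'str', v: m[0].slice(1, -1).replace(/\\(.)/g, '$1') });
    else if ((m = /^[A-Za-z_$][\w$]*/.exec(rest))) tokens.push({ t: 'id', v: m[0] });
    else if ((m = /^[(),;=.+\-*\/]/.exec(rest))) tokens.push({ t: 'op', v: m[0] });
    else throw new SandboxError(`unexpected character ${JSON.stringify(rest[0])} at offset ${i}`);
  }
  return tokens;
}

const LEVELS = [['+', '-'], ['*', '/']]; // binary operators, lowest to highest precedence
function parse(tokens) { // recursive descent; AST node kinds: lit, id, assign, bin, member, call
  let pos = 0;
  const at = (t, v, o = 0) => !!tokens[pos + o] && tokens[pos + o].t === t && tokens[pos + o].v === v;
  const expect = (v) => { if (!at('op', v)) throw new SandboxError(`expected "${v}"`); pos++; };
  const expr = () => {
    if (!(tokens[pos] && tokens[pos].t === 'id' && at('op', '=', 1))) return binary(0);
    const name = tokens[pos].v; pos += 2;
    return { k: 'assign', name, value: expr() };
  };
  const binary = (level) => {
    if (level === LEVELS.length) return postfix();
    let left = binary(level + 1);
    while (tokens[pos] && tokens[pos].t === 'op' && LEVELS[level].includes(tokens[pos].v))
      left = { k: 'bin', op: tokens[pos++].v, left, right: binary(level + 1) };
    return left;
  };
  const postfix = () => {
    let e = primary();
    for (;;) {
      if (at('op', '.') && tokens[pos + 1] && tokens[pos + 1].t === 'id') { e = { k: 'member', obj: e, name: tokens[pos + 1].v }; pos += 2; }
      else if (at('op', '(')) {
        const args = []; for (pos++; !at('op', ')'); ) { args.push(expr()); if (at('op', ',')) pos++; else break; }
        expect(')'); e = { k: 'call', callee: e, args };
      } else return e;
    }
  };
  const primary = () => {
    const tk = tokens[pos++];
    if (!tk) throw new SandboxError('unexpected end of input');
    if (tk.t !== 'op') return tk.t === 'id' ? { k: 'id', name: tk.v } : { k: 'lit', v: tk.v };
    if (tk.v === '(') { const e = expr(); expect(')'); return e; }
    throw new SandboxError(`unexpected token "${tk.v}"`);
  };
  const stmts = []; while (pos < tokens.length) { stmts.push(expr()); if (at('op', ';')) pos++; }
  return stmts;
}

function evaluate(node, scope, exposed) { // every name lookup, property access and call is mediated here
  const ev = (n) => evaluate(n, scope, exposed);
  switch (node.k) {
    case 'lit': return node.v;
    case 'id': // scope holds only sandbox bindings: window, document, globalThis do not exist here
      if (!own(scope, node.name)) throw new SandboxError(`${node.name} is not defined in the sandbox`);
      return scope[node.name];
    case 'assign': return (scope[node.name] = ev(node.value));
    case 'bin': {
      const l = ev(node.left), r = ev(node.right); if (![l, r].every(isPrim)) throw new SandboxError('non-primitive operand');
      return node.op === '+' ? l + r : node.op === '-' ? l - r : node.op === '*' ? l * r : l / r;
    }
    case 'member': { // only own properties of deliberately exposed objects: no climbing to native prototypes
      const obj = ev(node.obj);
      if (!exposed.has(obj) || !own(obj, node.name)) throw new SandboxError(`property "${node.name}" is not exposed`);
      return obj[node.name];
    }
    case 'call': {
      const fn = ev(node.callee);
      if (typeof fn !== 'function' || !exposed.has(fn)) throw new SandboxError('not callable in the sandbox');
      return fn(...node.args.map(ev));
    }
  }
}

function createSandbox(hostApi) { // isolated scope plus the examined data flows out of it
  const exposed = new WeakSet(), scope = Object.create(null), host = Object.create(null); // touchable objects; sandbox globals; bridge
  const run = (src) => parse(tokenize(String(src))).reduce((_, s) => evaluate(s, scope, exposed), undefined);
  scope.eval = (s) => (typeof s === 'string' ? run(s) : s); // virtual eval: re-interpreted here, never native eval
  for (const [name, fn] of Object.entries(hostApi)) {
    host[name] = (...args) => { // each bridge call is one examined flow: only primitives cross, both ways
      if (!args.every(isPrim)) throw new SandboxError(`non-primitive argument to host.${name}`);
      const out = fn(...args);
      if (!isPrim(out)) throw new SandboxError(`host.${name} returned a non-primitive`);
      return out;
    };
    exposed.add(host[name]);
  }
  scope.host = host; exposed.add(host); exposed.add(scope.eval);
  return { run, scope };
}
```

Run under Node with a constructed host API such as `createSandbox({ upper: (s) => String(s).toUpperCase(), log: (m) => { log.push(String(m)); return log.length; } })`, the sandbox shows the mediated flows: `x = 2 * (3 + 4); host.log(host.upper("answer is ") + x)` assigns x in the sandbox scope only (globalThis.x stays undefined) and returns 1; `eval("x + 1")` is re-parsed by this interpreter and yields 15 instead of reaching native eval; and `window.location`, `"abc".constructor`, `host.upper.constructor("return this")` and `host.log(host)` each raise SandboxError, so there is no native global, no prototype climb and no object crossing the bridge. A real interpreter of this kind additionally needs resource limits (recursion depth, step counts) so that untrusted code cannot hang the page, which this sketch omits.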

[1] Haining Wang et al. Characterizing insecure javascript practices on the web. WWW '09, 2009.

[2] S. Maffeis. Run-Time Enforcement of Secure JavaScript Subsets. 2009.

[3] Dawn Xiaodong Song et al. Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense. USENIX Security Symposium, 2009.

[4] Hao Chen et al. OMash: enabling secure web mashups via object abstractions. CCS, 2008.

[5] Adam Barth et al. Preventing Capability Leaks in Secure JavaScript Subsets. NDSS, 2010.

[6] Bennet S. Yee et al. Native Client: A Sandbox for Portable, Untrusted x86 Native Code. 30th IEEE Symposium on Security and Privacy, 2009.

[7] Ajay Chander et al. JavaScript instrumentation for browser security. POPL '07, 2007.

[8] Benjamin Livshits et al. ConScript: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser. IEEE Symposium on Security and Privacy, 2010.

[9] Benjamin Livshits et al. GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. USENIX Security Symposium, 2009.

[10] Helen J. Wang et al. BrowserShield: vulnerability-driven filtering of dynamic HTML. OSDI '06, 2006.

[11] Michael Steiner et al. SMash: secure component model for cross-domain mashups on unmodified browsers. WWW, 2008.

[12] Helen J. Wang et al. Protection and communication abstractions for web browsers in MashupOS. SOSP, 2007.

[13] Hiroshi Inamura et al. JavaScript Instrumentation in Practice. APLAS, 2008.

[14] Joe Gibbs Politz et al. ADsafety: Type-Based Verification of JavaScript Sandboxing. USENIX Security Symposium, 2011.

[15] Wouter Joosen et al. WebJail: least-privilege integration of third-party components in web mashups. ACSAC '11, 2011.

[16] Dawn Xiaodong Song et al. Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense. NDSS, 2009.

[17] Leo A. Meyerovich et al. Object views: fine-grained sharing in browsers. WWW '10, 2010.

[18] D. T. Lee et al. Securing web application code by static analysis and runtime protection. WWW '04, 2004.

[19] V. N. Venkatakrishnan et al. Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. 30th IEEE Symposium on Security and Privacy, 2009.

[20] A. Barth et al. Attacks on JavaScript Mashup Communication. 2009.

[21] Zhenkai Liang et al. AdSentry: comprehensive and flexible confinement of JavaScript-based advertisements. ACSAC '11, 2011.

[22] V. N. Venkatakrishnan et al. AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements. USENIX Security Symposium, 2010.

[23] Collin Jackson et al. Securing frame communication in browsers. CACM, 2008.