论文信息 - Preventing Capability Leaks in Secure JavaScript Subsets

Preventing Capability Leaks in Secure JavaScript Subsets

Publishers wish to sandbox third-party advertisements to protect themselves from malicious advertisements. One promising approach, used by ADsafe, Dojo Secure, and Jacaranda, sandboxes advertisements by statically verifying that their JavaScript conforms to a safe subset of the language. These systems blacklist known dangerous properties that would let advertisements escape the sandbox. Unfortunately, this approach does not prevent advertisements from accessing new methods added to the built-in prototype objects by the hosting page. In this paper, we show that onethird of the Alexa US Top 100 web sites would be exploitable by an ADsafe-verified advertisement. We propose an improved statically verified JavaScript subset that whitelists known-safe properties using namespaces. Our approach maintains the expressiveness and performance of static verification while improving security.

Adam Barth | Joel Weinberger | Matthew Finifter

[1] A. Barth,et al. Attacks on JavaScript Mashup Communication , 2009 .

[2] Yi-Min Wang,et al. An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism , 2007, CCS '07.

[3] Benjamin Livshits,et al. GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code , 2009, USENIX Security Symposium.

[4] Dawn Xiaodong Song,et al. Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense , 2009, USENIX Security Symposium.

[5] Helen J. Wang,et al. Subspace: secure cross-domain communication for web mashups , 2007, WWW '07.

[6] Hao Chen,et al. OMash: enabling secure web mashups via object abstractions , 2008, CCS.

[7] Ankur Taly,et al. An Operational Semantics for JavaScript , 2008, APLAS.

[8] Helen J. Wang,et al. MashupOS: Operating System Abstractions for Client Mashups , 2007, HotOS.

[9] Michael Steiner,et al. SMash: secure component model for cross-domain mashups on unmodified browsers , 2008, WWW.

[10] Haining Wang,et al. Characterizing insecure javascript practices on the web , 2009, WWW '09.

[11] Ankur Taly,et al. Language-Based Isolation of Untrusted JavaScript , 2009, 2009 22nd IEEE Computer Security Foundations Symposium.

[12] Westley Weimer,et al. Talking to strangers without taking their candy: isolating proxied content , 2008, SocialNets '08.

[13] S. Maffeis. Run-Time Enforcement of Secure JavaScript Subsets , 2009 .