论文信息 - Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense

We identify a class of Web browser implementation vulnerabilities, cross-origin JavaScript capability leaks, which occur when the browser leaks a JavaScript pointer from one security origin to another. We devise an algorithm for detecting these vulnerabilities by monitoring the "points-to" relation of the JavaScript heap. Our algorithm finds a number of new vulnerabilities in the opensource WebKit browser engine used by Safari. We propose an approach to mitigate this class of vulnerabilities by adding access control checks to browser JavaScript engines. These access control checks are backwardscompatible because they do not alter semantics of the Web platform. Through an application of the inline cache, we implement these checks with an overhead of 1-2% on industry-standard benchmarks.

Dawn Xiaodong Song | Adam Barth | Joel Weinberger

[1] Norman Hardy,et al. KeyKOS architecture , 1985, OPSR.

[2] Yi-Min Wang,et al. An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism , 2007, CCS '07.

[3] Ankur Taly,et al. An Operational Semantics for JavaScript , 2008, APLAS.

[4] Jonathan M. Smith,et al. EROS: a fast capability system , 1999, SOSP.

[5] Collin Jackson,et al. Securing frame communication in browsers , 2008, CACM.

[6] Helen J. Wang,et al. Subspace: secure cross-domain communication for web mashups , 2007, WWW '07.

[7] Norman Hardy,et al. The Confused Deputy: (or why capabilities might have been invented) , 1988, OPSR.

[8] Robbert van Renesse,et al. Amoeba A Distributed Operating System for the 1990 s Sape , 1990 .

[9] Samuel T. King,et al. Secure Web Browsing with the OP Web Browser , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).