论文信息 - Systematical Vulnerability Detection in Browser Validation Mechanism

Systematical Vulnerability Detection in Browser Validation Mechanism

At present, the complexity of input and unverified assumptions about other components of the rich web applications is a problem requesting much more attention. Most client-side applications are designed without the full consideration of input validation. These issues can cause a new class of web threats. To deal with the security issues above, we classify and highlight a new class of vulnerabilities which is described as the browser input validation vulnerability. This class of vulnerability arises from unsafe usage of unauthentic data or scripts. These elements can be inserted in the frame and be executed in the scripting language engine of the browsers to make an assault. To systematically discover the vulnerabilities of this class, in this paper, we propose and implement one combination of dynamic analysis and comparison technique. By using several vulnerabilities as testing cases, the techniques are light-weight, efficient, and have low rate of false positive and false negative.

Wang Qingxian | Zeng Chufeng

[1] Dan Boneh,et al. Protecting browser state from web privacy attacks , 2006, WWW '06.

[2] Dawn Xiaodong Song,et al. Towards a Formal Foundation of Web Security , 2010, 2010 23rd IEEE Computer Security Foundations Symposium.

[3] Dawn Xiaodong Song,et al. A Systematic Analysis of XSS Sanitization in Web Application Frameworks , 2011, ESORICS.

[4] Dawn Xiaodong Song,et al. Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense , 2009, USENIX Security Symposium.

[5] Hao Chen,et al. OMash: enabling secure web mashups via object abstractions , 2008, CCS.

[6] Michael Hicks,et al. Defeating script injection attacks with browser-enforced embedded policies , 2007, WWW '07.

[7] Michael Steiner,et al. SMash: secure component model for cross-domain mashups on unmodified browsers , 2008, WWW.

[8] A. Barth,et al. Attacks on JavaScript Mashup Communication , 2009 .

[9] Michael D. Ernst,et al. HAMPI: a solver for string constraints , 2009, ISSTA.

[10] Ankur Taly,et al. An Operational Semantics for JavaScript , 2008, APLAS.

[11] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[12] Collin Jackson,et al. Regular expressions considered harmful in client-side XSS filters , 2010, WWW '10.