BrowserShield: Vulnerability- Driven Filtering of Dynamic HTML  CHARLES REIS University of Washington  JOHN DUNAGAN, HELEN J. WANG, and OPHER DUBROVSKY.

Slides:

Advertisements

Similar presentations

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Advertisements

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.

Java Script Session1 INTRODUCTION.

An Evaluation of the Google Chrome Extension Security Architecture

Languages for Dynamic Web Documents

1 Chapter 12 Working With Access 2000 on the Internet.

28/1/2001 Seminar in Databases in the Internet Environment Introduction to J ava S erver P ages technology by Naomi Chen.

Computer Security and Penetration Testing

1 Java Server Pages Can web pages be created specially for each user? What part does Java play?

BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.

1 CS428 Web Engineering Lecture 18 Introduction (PHP - I)

1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.

Overview of JSP Technology. The need of JSP With servlets, it is easy to – Read form data – Read HTTP request headers – Set HTTP status codes and response.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 13 Slide 1 Application architectures.

DHTML. What is DHTML?  DHTML is the combination of several built-in browser features in fourth generation browsers that enable a web page to be more.

M. Taimoor Khan * Java Server Pages (JSP) is a server-side programming technology that enables the creation of dynamic,

4.1 JavaScript Introduction

FALL 2005CSI 4118 – UNIVERSITY OF OTTAWA1 Part 4 Web technologies: HTTP, CGI, PHP,Java applets)

JavaScript and The Document Object Model MMIS 656 Web Design Technologies Acknowledgements: 1.Notes from David Shrader, NSU GSCIS 2.Some material adapted.

CSCI 6962: Server-side Design and Programming Course Introduction and Overview.

Architecture Of ASP.NET. What is ASP?  Server-side scripting technology.  Files containing HTML and scripting code.  Access via HTTP requests.  Scripting.

CIS 375—Web App Dev II ASP.NET 2 Introducing Web Forms.

Copyright © cs-tutorial.com. Introduction to Web Development In 1990 and 1991,Tim Berners-Lee created the World Wide Web at the European Laboratory for.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers Mike Ter Louw, V.N. Venkatakrishnan University of Illinois at Chicago.

A really fairly simple guide to: mobile browser-based application development (part 4, JQuery & DOM) Chris Greenhalgh G54UBI / Chris Greenhalgh.

CNIT 133 Interactive Web Pags – JavaScript and AJAX JavaScript Environment.

Winrunner Usage - Best Practices S.A.Christopher.

3-Protecting Systems Dr. John P. Abraham Professor UTPA.

Master Thesis Defense Jan Fiedler 04/17/98

1 Internet Browsing Vulnerabilities and Security ECE4112 Final Lab Ye Yan Frank Park Scott Kim Neil Joshi.

JSF Introduction Copyright © Liferay, Inc. All Rights Reserved. No material may be reproduced electronically or in print without written permission.

Chapter 34 Java Technology for Active Web Documents methods used to provide continuous Web updates to browser – Server push – Active documents.

DEV-5: Introduction to WebSpeed ® Stephen Ferguson Sr. Training Program Manager.

CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.

Interception and Analysis Framework for Win32 Scripts (not for public release) Tim Hollebeek, Ph.D.

Introduction to JavaServer Pages. 2 JSP and Servlet Limitations of servlet  It’s inaccessible to non-programmers JSP is a complement to servlet  focuses.

SCALABLE EVOLUTION OF HIGHLY AVAILABLE SYSTEMS BY ABHISHEK ASOKAN 8/6/2004.

 2004 Prentice Hall, Inc. All rights reserved. Chapter 13 - Dynamic HTML: Object Model and Collections Outline 13.1 Introduction 13.2 Object Referencing.

G53SEC 1 Reference Monitors Enforcement of Access Control.

Copyright © cs-tutorial.com. Overview Introduction Architecture Implementation Evaluation.

Building Secure Web Applications With ASP.Net MVC.

JavaScript Tutorial 1 - Introduction to JavaScript1 Tutorial 1 Introduction to JavaScript Section A – Programming, HTML, and JavaScript.

Overview of Form and Javascript fundamentals. Brief matching exercise 1. This is the software that allows a user to access and view HTML documents 2.

Cs332a_chapt10.ppt CS332A Advanced HTML Programming DHTML Dynamic Hypertext Markup Language A term describing a series of technologies Not a stand-a-lone.

Web Pages with Features. Features on Web Pages Interactive Pages –Shows current date, get server’s IP, interactive quizzes Processing Forms –Serach a.

ASP (Active Server Pages) by Bülent & Resul. Presentation Outline Introduction What is an ASP file? How does ASP work? What can ASP do? Differences Between.

Buffer Overflow Attack Proofing of Code Binary Gopal Gupta, Parag Doshi, R. Reghuramalingam, Doug Harris The University of Texas at Dallas.

M. Alexander Helen J. Wang Yunxin Liu Microsoft Research 1 Presented by Zhaoliang Duan.

1 Technical & Business Writing (ENG-715) Muhammad Bilal Bashir UIIT, Rawalpindi.

Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits H. Wang, C. Guo, D. Simon, and A. Zugenmaier Microsoft Research.

Introduction Program File Authorization Security Theorem Active Code Authorization Authorization Logic Implementation considerations Conclusion.

Rich Internet Applications 3. Client JavaScript. Document Object Model (DOM) The DOM, is an interface that allows scripts or programs to access and manipulate.

 Web pages originally static  Page is delivered exactly as stored on server  Same information displayed for all users, from all contexts  Dynamic.

Copyright (c) 2006 IBM Corporation; made available under the EPL v1.0 Update Policy ~ Where we are in 3.2.

Web Security Firewalls, Buffer overflows and proxy servers.

1 CSC160 Chapter 1: Introduction to JavaScript Chapter 2: Placing JavaScript in an HTML File.

Constraint Framework, page 1 Collaborative learning for security and repair in application communities MIT site visit April 10, 2007 Constraints approach.

HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,

Unit 20 - Client Side Customisation of Web Pages

TMG Client Protection 6NPS – Session 7.

Introduction to Dynamic Web Programming

Ad-blocker circumvention System

BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML

JavaScript an introduction.

An Introduction to JavaScript

Exploring DOM-Based Cross Site Attacks

Mike Ter Louw, V.N. Venkatakrishnan University of Illinois at Chicago

Presentation transcript:

BrowserShield: Vulnerability- Driven Filtering of Dynamic HTML  CHARLES REIS University of Washington  JOHN DUNAGAN, HELEN J. WANG, and OPHER DUBROVSKY  Microsoft and SAHER ESMEIR Technion  Presenter:Ravindar R Yenugu

Outline Introduction to Topic Overview of Shield Model Limits of Shield Model Overview of BrowserShield Implementation Results Conclusions

WEB BASED ATTACKS Web Based Attacks Web browser exploits are common examples: Buffer overflows, ActiveX flaws, etc critical vulnerabilities, 8 patches in critical vulnerabilities, 7 updates in 2005

Shields: End-host Vulnerability-Driven Network Filters Goal: Protect the time window between vulnerability disclosure and patch application. Approach: Characterize the vulnerability instead of its exploits and use the vulnerability signature for end-host fire walling. Advantages of Shield:  Protection as good as patches (resilient to attack variations), unlike exploit-driven firewalls  Easier to test and deploy, more reliable than patches

Drawbacks of shield model Shield works for static HTML Script code can hide exploits -finding exploits is undecidable Can’t know deterministically until runtime

Challenges The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at runtime. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at runtime.

BrowserShield Overview Injector injects the rewriting logic; actual rewriting is offloaded to and executes on client browser Injector can be a firewall, browser extension, web publisher Web server BrowserShield Logic Injector Client Browser HTML + JavaScript Shielded HTML and JavaScript Policies © 2007 Microsoft Corporation

Example: IFRAME Vulnerability <iframe src=”xxxxxxxx....” name=”xxxxxxxx....”> This is MS Vulnerability Buffer overrun if name and src attributes are too long Affected iframe, frame, embed tags

Example 2 In this vulnerability, IE had a vulnerable buffer that was overrun if both the name and the src attributes were too long in an iframe, frame, or embed HTML element Our system focuses on JavaScript because it is the predominant scripting language used on the Web; a full-fledged system would require additionally rewriting or disabling VBScript and any other script languages used by Web browsers that BrowserShield protects.

Working of Browser shield The BrowserShield system consists of a JavaScript library that translates Web pages into safe equivalents and a logic injector (such as a firewall) that modifies Web pages to use this library. BrowserShield uses two separate translations along with policies that are enforced at runtime They are i. T-HTML ii. T-SCRIPT

T-HTML & T-SCRIPT

Deployment of BrowserShield They have implemented a prototype of the BrowserShield system, in which the rewriting logic is injected into a Web page at an enterprise firewall and executed by the browser at rendering time. They chose the firewall deployment scenario because it offers the greatest manageability benefit, as BrowserShield updates can be centralized at the firewall, immediately protecting all client machines in the organization without any BrowserShield–related installation at either clients or web servers.

Characteristics of Browser shield Complete interposition: All script access to the HTML document tree must be mediated by the BrowserShield framework. Tamper-proof: Web pages must not be able to modify or tamper with the BrowserShield framework in unintended ways. Transparency: Apart from timing considerations and reasonable increases in resource usage, web pages should not be able to detect any changes in behavior due to the BrowserShield framework. The sole exception is for policy enforcement (e.g., the behavior of a page containing an exploit is visibly modified). Flexible policies: We desire the BrowserShield framework to have a good separation between mechanism and policy, to make the system flexible for many applications.

Complete Interposition To provide complete interposition, BrowserShield must mediate all possible accesses and manipulations allowed by the Document Object Model (DOM) over the HTML document trees (including script elements). we achieve this using script rewriting to interpose on function calls, object method calls, object property accesses, object creation, and control constructs. These interposition points are sufficient to mediate script access to the DOM. We summarize our rewriting rules in following table.

Tamper proof enforcement Preventing scripts from tampering with BrowserShield is challenging because BrowserShield logic lives in the same name space as the code it is managing. To address this, we use name resolution management to ensure that all Browser-Shield logic is inaccessible. This entails renaming certain variables and modifying the output of reflection in some cases.

Transparency The BrowserShield framework must also ensure that its presence is transparent to the original script’s semantics. Transparency additionally requires that we present to scripts the context they would have in the absence of BrowserShield. Achieved through Shadow copies, Preserving context mechanisms.

Flexibility The final goal of BrowserShield is to support flexible policy enforcement. This can be achieved by separating mechanism from policy Because the interposition logic itself is policy- driven, our system can be made incrementally complete. For example, if an undocumented API is discovered that can manipulate the document tree, we simply add a new policy to interpose on this API.

Dealing with Policies Writing policies:Policies are implemented as JavaScript functions. Each policy function takes in arguments relevant to the interposition point at which it is registered, such as the arguments to a JavaScript function or a representation of anHTMLtag Policy Registration:The BrowserShield framework exposes several “hook” functions for registering policies at interposition points. ex:addHTMLTagPolicy(tagName, policy) Policy Distribution:Policy functions are downloaded separately from the remainder of the Browser-Shield framework, and they can be updated and customized based on the intended application.

APPLICATIONS Comprehensive Link Translation Script Debugging Script Sandboxing Anti- Phishing Aids

Evaluation We evaluated BrowserShield’s ability to protect IE against all critical vulnerabilities for which Microsoft released patches in 2005 [Microsoft 2005]. Of the 29 critical patches that year, 8 are for IE, corresponding to 19 IE vulnerabilities. These vulnerabilities fall into three classes: IE’s handling of (i) HTML, script,or ActiveX components, (ii) HTTP, and (iii) images or other files

Evaluation Table II shows how many vulnerabilities there were in each area, and whether BrowserShield or another technology could provide patch-equivalent protection

Conclusion Script rewriting can protect web clients - Vulnerability-driven filtering - Transforms content, not browsers General framework BrowserShield can also serve as a platform for other new functionality on the Web,

QUESTIONS ? THANK YOU