The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

Slides:



Advertisements
Similar presentations
Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
Advertisements

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks Collin Jackson and Adam Barth.
Chrome Extentions Vulnerabilities. Introduction Google Chrome Browser Chrome OS Platform Chrome Web Store Applications Open Source Platform.
Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.
Hulk: Eliciting Malicious Behavior in Browser Extensions
張逸文 P ROTECTING B ROWSERS FROM E XTENSION V ULNERABILITIES NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt, University of.
Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)
Android Security. N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional.
An Evaluation of the Google Chrome Extension Security Architecture
Securing Interaction for Sites, Apps and Extensions in the Browser Brad Miller J. D. Tygar.
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
My First Building Block Presented By Tracy Engwirda 28 September, 2005.
IFC Inside: Retrofitting Languages with Dynamic Information Flow Control Stefan Heule, Deian Stefan, Edward Z. Yang, John C. Mitchell, Alejandro Russo.
Privacy-Preserving Browser-Side Scripting With BFlow Alexander Yip, Neha Narula, Maxwell Krohn, Robert Morris Massachusetts Institute of Technology.
The OWASP Foundation Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under.
Part or all of this lesson was adapted from the University of Washington’s “Web Design & Development I” Course materials.
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.
1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.
Security Liaisons Information Presentation. Introduction  What’s the big deal with computer security? Don’t we have an IT security department to take.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Browser Comparisons - Convenience Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Searching, Convenience & Add-ons.
Presented by…. Group 2 1. Programming language 2Introduction.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.
Software Deployment at Johnston Community College Lauren Bradley | Windows System Administrator at Johnston Community College Lauren Bradley | Windows.
Peter R. Pietzuch Ioannis Papagiannis Peter Pietzuch Large-Scale Distributed Systems Group ACM Cloud Computing.
Web 2.0: Concepts and Applications 11 The Web Becomes 2.0.
Computer and Information Security Protecting yourself and your clients in the wild and wooly online world.
Web Browser Security Prepared By Mohammed EL-Batta Mohammed Soubih Supervised By Eng. Eman alajrami Explain Date 10. may University of Palestine.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.
3-Protecting Systems Dr. John P. Abraham Professor UTPA.
Marcel Casado NCAR/RAP WEATHER WARNING TOOL NCAR.
Extending Forefront beyond the limit TMG UAG ISA IAG Security Suite
Gaurav Aggarwal and Elie Bursztein, Collin Jackson, Dan Boneh, USENIX (Aug.,2010) A N A NALYSIS OF P RIVATE B ROWSING M ODES IN M ODERN B ROWSERS 1.
Protecting Browsers from Extension Vulnerabilities (NDSS 2010) Adam Barth, Adrienne Porter Felt, Prateek Saxena University of California, Berkeley {abarth,
July 2014 LCCU Meeting We’ll answers members’ questions: –Demonstrate the basics of using the Firefox browser. –What is a sandbox, how does a PC use one.
ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.
Georgios Kontaxis‡, Michalis Polychronakis‡, Angelos D. Keromytis‡, and Evangelos P.Markatos* ‡Columbia University and *FORTH-ICS USENIX-SEC (August, 2012)
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
1 3 Computing System Fundamentals 3.4 Networked Computer Systems.
1. Same-origin Policy For JS JS on a site can read data only from the same site Protects a user’s confidential data from other sites.
M. Alexander Helen J. Wang Yunxin Liu Microsoft Research 1 Presented by Zhaoliang Duan.
Android System Security Xinming Ou. Android System Basics An open-source operating system for mobile devices (AOSP, led by Google) – Consists of a base.
Protecting Browsers from Extension Vulnerabilities Paper by: Adam Barth, Adrienne Porter Felt, Prateek Saxena at University of California, Berkeley and.
Activity 4 Protecting Ourselves. Keeping Safe There are lots of different ways we can be at risk on the Internet. How can we protect ourselves and keep.
Plug-in Architectures Presented by Truc Nguyen. What’s a plug-in? “a type of program that tightly integrates with a larger application to add a special.
1 Isolating Web Programs in Modern Browser Architectures CS6204: Cloud Environment Spring 2011.
Trends and Lessons from Three Years Fighting Malicious Extensions Nav Jagpal, Eric Dingle, Jean-Philippe, Gravel Panayiotis, Mavrommatis Niels, Provos.
Web 2.0: Concepts and Applications 11 The Web Becomes 2.0.
1 Utkarsha MishraCOMPSCI 725 David Silver, Suman Jana, Eric Chen, Collin Jackson, and Dan Boneh. “Password Managers: Attacks and Defenses.” In Proceedings.
What web developers need to know when building Metro style apps Scott Dickens Principal Program Manager Lead Microsoft Corporation DEV352.
Salesforce for Google Apps Users. Who We Are Cirruspath, Inc. Founded in 2011 HQ in Southern California, Operations in Tennessee Co-Founders Ryan Huff.
Goals Be able to identify the parts of a URL Determine the safeness of a link Know the best places to find the info you need Know how to deal with toolbars.
By: Collin Molnar. Overview  Intro to Android  Security basics  Android architecture  Application isolation  Application permissions  Physical access.
Browser code isolation John Mitchell CS 155 Spring 2016.
Phillip Schneider Information Services Librarian Gail Borden Public Library District Cybersecurity: Keeping Your Computers & Devices Safe.
PIWIK JUNIOR TIDAL ASSOCIATE PROF., WEB SERVICES & MULTIMEDIA LIBRARIAN NEW YORK CITY COLLEGE OF TECHNOLOGY, CUNY.
VPN Joshua Turner.
Understanding Android Security
Android System Security
Practical Censorship Evasion Leveraging Content Delivery Networks
Article Authors – Oleksii Starov & Nick Nikiforakas
Jon Peppler, Menlo Security Channels
Understanding Android Security
How to Stay Safe Online Rollie Edwards.
John Hazen Principal Program Manager Lead Microsoft Corporation
David Cleverly – Development Lead
Protecting Browsers from Extension Vulnerabilities
Presentation transcript:

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology

Web Browsers Today One of the most popular application platforms – Easy to deploy and access – Almost anything available as a web app – Including very sensitive content (e.g., banking, , passwords, health care) Security built in – E.g., website cannot steal locally stored photos – Achieved through, e.g., same-origin policy (SOP) – User does not need to worry about this

Browser Extensions Users want more functionality – Customize websites: content, behavior and display – New functionality for websites – Change browser Browsers provide extension systems

Extension Security Extensions are meant to interact with websites – Challenging for user privacy and security Firefox – Extensions are powerful Can change almost any aspect (and run native code) – Can be installed from anywhere – Web store: static analysis and human review

Chrome Extension Security Split into extensions and plugins Plugins: native code – Flash, Java, PDF, Silverlight – Require manual review Extensions: JavaScript based – Vast majority are in this category – Extension can only be installed from Chrome Web Store

Chrome Extension Architecture Content Script Extension Core History Tabs DOM Process Boundary Isolated worlds

Chrome Threat Model Extensions are benign-but-buggy – Protect extensions from websites Principle of least privilege – Extensions ask for permissions – Typically asked for at install time

Permissions of Top 500 Extensions 71.6% can “Read and modify all your data on all websites you visit”

Permissions are Meaningless

Problems Permissions are broad and vague; without context Users desensitized to permission requests Incentives for developers to asks for too many permissions – Adding permissions later requires user action Attacker model assumes extensions to be benign

Attacks in the Wild Google recently removed ~200 malicious extensions [Oakland’15] – 5% of unique IPs accessing Google had at least one malicious extension – Some injected ads, others steal personal information Popular extension developers get contacted to sell extension – And then update with malicious code

New Extension System: Goals 1.Handle mutually distrusting code – Extensions are protected from websites – Sensitive (website) user data is protected from extensions Attacker executes arbitrary extension to leak user data 2.Provide a meaningful permission system – Safe behavior should not require permission – Permissions should be fine-grained and content- specific 3.Incentivize safety – Many extensions should not require permissions

Preliminary Design Reading sensitive data is safe – if not disseminated arbitrarily Mandatory access control (MAC) confinement – Track sensitivity of information through application Proposal: use coarse-grained confinement system like COWL [OSDI’14]

Example: Google Mail Checker Extension reads unread count from gmail – Gets tainted with mail.google.com – No further communication with evil.com allowed Not all extensions are this simple – Need richer extension APIs

Explicit Sharing Some users want to leak information – Save snippet to Evernote – Share webpage to Pintrest Forbidden according to MAC – Corresponds to information declassification Leverage user intent with a sharing API – Trusted UI, e.g. “Share with …” context menu

Encrypted Sharing System allows labeled values – Can freely be passed, only tainted when inspected Encryption API takes labeled value, returns unlabeled encrypted value – Can now be freely shared, e.g. sync to other device Secure LastPass-style password manager – Cloud only sees encrypted values, user controls master key – When decrypted, passwords cannot leave browser due to MAC

More APIs Declarative CSS API – Change the display of a website Networking API – E.g., to block undesired requests (AdBlock) DOM access – Isolate extension from website using shadow DOM

Safe by Default When a large class of extensions can be written safely without permissions, warnings can become meaningful again

Conclusion Extensions most dangerous to user privacy – This need not be! Strong guarantees of MAC-based confinement system allow many extensions to be safe Meaningful permissions/warnings otherwise – Fine-grained and content specific, at runtime

Questions? Thank you :-)