Presentation is loading. Please wait.

Presentation is loading. Please wait.

Shuo Chen Microsoft Research One Microsoft Way David Ross Security Technology Unit, Microsoft One Microsoft Way Yi-Min Wang Microsoft Research One Microsoft.

Published byAlyson Fox Modified over 8 years ago

Similar presentations

Presentation on theme: "Shuo Chen Microsoft Research One Microsoft Way David Ross Security Technology Unit, Microsoft One Microsoft Way Yi-Min Wang Microsoft Research One Microsoft."— Presentation transcript:

1 Shuo Chen Microsoft Research One Microsoft Way David Ross Security Technology Unit, Microsoft One Microsoft Way Yi-Min Wang Microsoft Research One Microsoft Way Presented By: Yasser Yahia Abd El-Fattah

2  Problem description.  Related Work  XSS bugs in Java applications.  The Tahoma Virtual Machine Monitor (VMM).

3

4  Exploiting the Interactions between IE and Windows Explorer.  Exploiting Function Aliasing.  Exploiting the Excessive Expressiveness of Frame Navigation Calls.  Exploiting the Semantics of User Events.

5

6

7

8

9  The Accent Key.  Accenting and De-accenting.  Why the XOR operation.  How to implement the mechanism.

10  The mechanism was tested on IE v6 and proved that it can defeat the different attacks described.  The mechanism is able to be implemented on IE v7 due to the no difference between the structure of the two versions.

11  Browsers’ isolation mechanisms are critical to users’ safety and privacy on the web.  The implementation of IE’s domain-isolation mechanism and the previously reported attacks.  The proposed the script accenting technique as a light-weight transparent defense against these attacks.

12

Download ppt "Shuo Chen Microsoft Research One Microsoft Way David Ross Security Technology Unit, Microsoft One Microsoft Way Yi-Min Wang Microsoft Research One Microsoft."

Similar presentations

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Anderson Quach (Microsoft) Tony Gentilcore (Google)

Anderson Quach (Microsoft) Tony Gentilcore (Google)
Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.

Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.
Microsoft Office 2007 Microsoft Excel Collaboration Feature Using SharePoint and Excel Services.

Microsoft Office 2007 Microsoft Excel Collaboration Feature Using SharePoint and Excel Services.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Automated Web Patrol with Strider Honey Monkeys: Finding Web Sites That Exploit Browser Vulnerabilities AUTHORS: Yi-Min Wang, Doug Beck, Xuxian Jiang,

Automated Web Patrol with Strider Honey Monkeys: Finding Web Sites That Exploit Browser Vulnerabilities AUTHORS: Yi-Min Wang, Doug Beck, Xuxian Jiang,
Chromium OS Chase Rogers. User Interface Unobtrusive Use small amount of screen space Combine apps and web pages into one tab strip Floating Windows Search.

Chromium OS Chase Rogers. User Interface Unobtrusive Use small amount of screen space Combine apps and web pages into one tab strip Floating Windows Search.
Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.

Cloud Computing Part #3 Zigmunds Buliņš, Mg. sc. ing 1.
1 14th ACM Conference on Computer and Communications Security, Alexandria, VA Shuo Chen †, David Ross ‡, Yi-Min Wang † † Internet Services Research Center.

1 14th ACM Conference on Computer and Communications Security, Alexandria, VA Shuo Chen †, David Ross ‡, Yi-Min Wang † † Internet Services Research Center.
20065817 Su Yong Kim. Contents Domain Isolation Real-World Attacks Script Accenting Mechanism Attack Scenarios Revisited Performance Conclusion 2.

Su Yong Kim. Contents Domain Isolation Real-World Attacks Script Accenting Mechanism Attack Scenarios Revisited Performance Conclusion 2.
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities Y.-M. Wang, D. Beck, X. Jiang in Proceedings of.

Automated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities Y.-M. Wang, D. Beck, X. Jiang in Proceedings of.
PREVIOUS GNEWS. 11 Patches – 5 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS10-018 - IE, Remote Execution.

PREVIOUS GNEWS. 11 Patches – 5 Critical Affecting most everything Other updates, MSRT, Defender Definitions, Junk Mail Filter –MS IE, Remote Execution.
© 2007 IBM Corporation IBM Emerging Technologies Enabling an Accessible Web 2.0 Becky Gibson Web Accessibility Architect.

© 2007 IBM Corporation IBM Emerging Technologies Enabling an Accessible Web 2.0 Becky Gibson Web Accessibility Architect.
got ? Research Project – April 1998 Hang Xia, Mark Wang, Richard S. Chang Updated: R Norman, August 1999.

got ? Research Project – April 1998 Hang Xia, Mark Wang, Richard S. Chang Updated: R Norman, August 1999.
Publishing on the WWW Active X. Aims and Objectives To introduce the concept of embedding objects within web pages To show how Active X can be used to.

Publishing on the WWW Active X. Aims and Objectives To introduce the concept of embedding objects within web pages To show how Active X can be used to.
1 Owais Mohammad Haq Department of Computer Science Eastern Michigan University April, 2005 Java Script.

1 Owais Mohammad Haq Department of Computer Science Eastern Michigan University April, 2005 Java Script.
ACTIVE X By Ethan Huang. OUTLINE What is ActiveX? Component of ActiveX Why ActiveX? ActiveX and Java Security Issue.

ACTIVE X By Ethan Huang. OUTLINE What is ActiveX? Component of ActiveX Why ActiveX? ActiveX and Java Security Issue.

Similar presentations

Ads by Google