Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analyzing Information Flow in JavaScript-based Browser Extensions Mohan Dhawan and Vinod Ganapathy Department of Computer Science Rutgers University 25.

Published byBrayden Glave Modified over 10 years ago

Similar presentations

Presentation on theme: "Analyzing Information Flow in JavaScript-based Browser Extensions Mohan Dhawan and Vinod Ganapathy Department of Computer Science Rutgers University 25."— Presentation transcript:

1 Analyzing Information Flow in JavaScript-based Browser Extensions Mohan Dhawan and Vinod Ganapathy Department of Computer Science Rutgers University 25 th Annual Computer Security Applications Conference (ACSAC 2009)

2 Mohan Dhawan 2 JavaScript-based Extensions (JSEs) Modern browsers support extensions –JavaScript-based Extensions Hugely popular –1.5 bn JSEs downloaded, 150 - 190 mn used daily [Mozilla Add-ons Statistics Dashboard]

3 Mohan Dhawan 3 JSEs – A Security Risk Unrestricted access to system resources Hard to detect malicious code Inadequate sandboxing of JSE actions Lack of good development and debugging tools for JSE Sensitive Malicious JSEs can cause loss of sensitive data Vulnerable JSEs can be exploited by remote attacker Malicious JSE Vulnerable JSE Sensitive

4 Mohan Dhawan 4 Outline Introduction Motivating Example Solution Evaluation Conclusion

5 Mohan Dhawan 5 GreaseMonkey Highly popular Firefox extension –nearly 3 million active daily users [Mozilla Add-ons Statistics Dashboard] Exports a set of APIs for users to customize and program the way web pages look and function

6 Mohan Dhawan 6 GreaseMonkey / Firefox Vulnerability www.evil.com Alice Sensitive Exploited JSEs can lead to disclosure of confidential data Firefox with GreaseMonkey GreaseMonkey

7 Mohan Dhawan 7 Firefox Sniffer (FFsniFF) – A Malicious JSE Sniffs all form fields Emails them to the attacker ******** Submit to the website Firefox with FFsniFF

8 Mohan Dhawan 8 Outline Introduction Motivating Example Solution Evaluation Conclusion

9 Mohan Dhawan 9 Prior Work Access control to guard against JSE behavior –Ter-Louw et al. (Journal of Virology, 2008) –Hallaraker and Vigna (ICECCS, 2005) Coarse grained false positives and negatives Data Cookies

10 Mohan Dhawan 10 Solving the GreaseMonkey Problem www.evil.com Alice Sensitive 1.Mark data as sensitive 2.Take action when sensitive data is sent out Firefox with GreaseMonkey GreaseMonkey

11 Mohan Dhawan 11 Our Solution Security Architecture for Browser Extensions (Sabre) –Attach security labels with each JavaScript object –Track the propagation of these labels –Take action when a sensitive object is externalized Enhance browser with JavaScript information flow analysis

12 Mohan Dhawan 12 Security Labels Sensitivity Level Provenance File System User Interface Network File System HIGH JSE Sabre Please see the paper for the list of sources and sinks. Information flows from sources to sinks.

13 Mohan Dhawan 13 Challenges in Real JSEs 1.Cross - Domain Flows 2.Benign Flows 3.Provenance 4.Implicit Flows

14 Mohan Dhawan 14 Challenge 1 : Cross – Domain Flows Necko User Interface XPConnect XPCOM DOM Network Engine User Interface Extension Rendering Engine Inter-Component Communication JavaScript Engine DOM Persistent Data JavaScript in a JSE can interact with other browser sub-systems var cookieMgr = Components.classes.[@mozilla.org/cookiemanager;1]. getService(Components.interfaces.nsICookieManager); cookies.txt

15 Mohan Dhawan 15 var cookieMgr = Components.classes.[@mozilla.org/cookiemanager;1]. getService(Components.interfaces.nsICookieManager); Problem : Label propagation for objects and properties not managed by JavaScript Solution : Assign sensitivity label of component to JavaScript objects –JavaScript can interact and store data in the DOM Modify the DOM to store security labels also Challenge 1 : Cross – Domain Flows (Object Access)

16 Mohan Dhawan 16 Challenge 2 : Benign Flows Benign JSEs may contain flow violations –PwdHash [Usenix Security 05] ******* www.url_one.com www.url_two.com PwdHash SHA1(pwd||domain) ******* *************** *********** SHA1(pwd||url_one) SHA1(pwd||url_two)

17 Mohan Dhawan 17 Challenge 2 : Benign Flows Disallowing them could render JSE dysfunctional Problem : How to identify such flows? –Difficult to isolate malicious / benign behavior at runtime Solution : Security analyst supplies a security policy to white-list trusted JSEs or declassifyspecific objects De-classification of password field in PwdHash

18 Mohan Dhawan 18 Challenge 3 : Provenance Origin of the script –Needs to be determined only once at the time of dispatching the script for execution JSEs contain overlays –Describe patches for the UI and contain JavaScript code –Event - driven and not explicitly dispatched for execution Problem : Track provenance for all JavaScript including code in JSE overlay files Solution : Per bytecode provenance tracking, or separately verify the overlay files

19 Mohan Dhawan 19 Outline Introduction Motivating Example Solution Evaluation Conclusion

20 Mohan Dhawan 20 Evaluation - Goals Effectiveness –Classify behavior of benign JSEs –Determine information flow violations in malicious JSEs Performance –Impact on JavaScript performance –Compare overhead due to per-bytecode provenance check for overlay code

21 Mohan Dhawan 21 Evaluation - Methodology Evaluated Sabre using a suite of 24 JSEs –Comprising over 120K lines of JavaScript code Enhance the browser with the JSE being tested and examine any flow violations Test Setup –Integrated Sabre with Firefox 2.0.0.9. –2.33Ghz Intel Core2 Duo, 3GB RAM, Ubuntu 7.10

22 Mohan Dhawan 22 Results - Categorizing Benign JSEs White-listing / De-classification of trusted JSEs is essential.

23 Mohan Dhawan 23 Results - Accuracy Vulnerable & Malicious JSEs –GreaseMonkey v0.3.3 –Firebug v1.01 –FFsniFF –BrowserSPY Result –Precisely identified all flow violations –No false positives during normal web browsing

24 Mohan Dhawan 24 Results - Performance Overheads

25 Mohan Dhawan 25 Outline Introduction Motivating Example Solution Evaluation Conclusion

26 Mohan Dhawan 26 Conclusion Exploited JSEs can cause loss of sensitive information Policy-based access control is coarse grained and overly restrictive Sabre uses information flow tracking across browser sub-systems to prevent security violations in untrusted JSE code

27 Mohan Dhawan 27 Thank You!

Download ppt "Analyzing Information Flow in JavaScript-based Browser Extensions Mohan Dhawan and Vinod Ganapathy Department of Computer Science Rutgers University 25."

Similar presentations

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…
1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.

1. XP 2 * The Web is a collection of files that reside on computers, called Web servers. * Web servers are connected to each other through the Internet.
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
Chapter 1: The Database Environment

Chapter 1: The Database Environment
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
Debugging in End- User Software Engineering summarized by Andrew Ko Toward Sharing Reasoning to Improve Fault Localization in Spreadsheets Joey Lawrance,

Debugging in End- User Software Engineering summarized by Andrew Ko Toward Sharing Reasoning to Improve Fault Localization in Spreadsheets Joey Lawrance,
By Rick Clements cle@cypress.com Software Testing 101 By Rick Clements cle@cypress.com.

By Rick Clements Software Testing 101 By Rick Clements
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
6 Copyright © 2005, Oracle. All rights reserved. Building Applications with Oracle JDeveloper 10g.

6 Copyright © 2005, Oracle. All rights reserved. Building Applications with Oracle JDeveloper 10g.
17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.

17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.
Copyright CompSci Resources LLC 2009 1 Web-Based XBRL Products from CompSci Resources LLC Virginia, USA. Presentation by: Colm Ó hÁonghusa.

Copyright CompSci Resources LLC Web-Based XBRL Products from CompSci Resources LLC Virginia, USA. Presentation by: Colm Ó hÁonghusa.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
My Alphabet Book abcdefghijklm nopqrstuvwxyz.

My Alphabet Book abcdefghijklm nopqrstuvwxyz.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Addition Facts 1 - 20.

Addition Facts
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Similar presentations

Ads by Google