Download presentation
Presentation is loading. Please wait.
Published byAnna Czajka Modified over 5 years ago
1
BLUEPRINT: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers
Mike Ter Louw, V.N. Venkatakrishnan University of Illinois at Chicago IEEE Symposium on Security and Privacy, 2009 1
2
Outline Cross-site Scripting Overview BLUEPRINT References Overview
Specifics Experiment / Results Contributions Weakness / Improvement References 2 2
3
Trusted vs. Untrusted HTML
3 3
4
Trusted vs. Untrusted HTML
4 4
5
Cross-site Scripting (XSS)
Code injection into untrusted HTML which exploits client-side browser parsing Hacker injects code into untrusted section, innocent user visits the web page, client browser displays all content, user encounters unintended content / hack JavaScript (HTML, CSS, Java, Flash, etc.) Non-persistent (reflected), Persistent (stored) 5 5
6
XSS Example 6 6
7
XSS Example 7 7
8
XSS Example Many web applications also store user preferences in JavaScript variables directly… 8 8
9
XSS vulnerability found at these domains.
XSS vulnerability found at these domains. Not yet fixed… 9
10
BLUEPRINT Goals W3C + dev cycle slow. Need solution now!
Solution should be transparent to user, support current browsers, no plug-ins, etc. Retain expressiveness of untrusted HTML Do not rely on browser to parse this data! Enable web apps. to create a “blueprint” of untrusted web content free of XSS attacks, bridging divide between app. & browser 10 10
11
HTML Interpretation Process
11
12
Document Object Model (DOM)
12
13
BLUEPRINT Approach model interpreter ( _bp_ )
Reduce browser influence of parsing: HTML, CSS, URI, JavaScript Server encodes chunks as models, Server API uses whitelist to vet models, data encoded w/ syntactically inert chars Transmit encoded data via <code> nodes, so browser ignores them, + script calls to model interpreter ( _bp_ ) 13 13
14
BLUEPRINT API 14 14
15
HTML presented to client
BLUEPRINT Model HTML presented to client Encoded to… old new 15 15
16
HTML Interpretation Process
_bp_ script + encoded models A, B, C, D, E Normal path: A, B, C, D, E Untrusted data: A, B’, Q, P, E, R 16
17
Reduce HTML Parser Influence
Models encoded in syntactically inert lang: {a,…,z,A,…,Z,0,…,9,/,+,=}* Decode model w/ model interpreter _bp_, link embedded in <head> element Use of DOM API to create elements Original rendering order preserved, models embedded near original location, decoded synchronously as page renders 17 17
18
BLUEPRINT Model Generator
18
19
Results 19 19
20
Contributions W3C / browser development cycle is slow, offers effective XSS defense solution now No required plug-ins, browser, ext., etc., empowers web developers, user benefits Innovative thinking: Web developers bypass browser parsing 20 20
21
Weaknesses All websites now have to update their libraries of code to use BLUEPRINT… HTML interpretation process may change, especially on embedded browsers Large script (15.6kB) downloaded / cached, How safe is this script? One for each site? Client browser may disable JavaScript Page size overhead due to text encoding 21 21
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.