Presentation is loading. Please wait.

Presentation is loading. Please wait.

張逸文 P ROTECTING B ROWSERS FROM E XTENSION V ULNERABILITIES NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt, University of.

Similar presentations


Presentation on theme: "張逸文 P ROTECTING B ROWSERS FROM E XTENSION V ULNERABILITIES NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt, University of."— Presentation transcript:

1 張逸文 P ROTECTING B ROWSERS FROM E XTENSION V ULNERABILITIES NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt, University of California, Berkeley Prateek Saxena, University of California, Berkeley Aaron Boodman, Google,Inc.

2 O UTLINE  Introduction  Firefox Extension System  Google Chrome Extension System  Performance  Conclusion 2

3 O UTLINE  Introduction  Extensions  Benign-but-buggy Extensions  Firefox Extension System  Google Chrome Extension System  Performance  Conclusion 3

4 I NTRODUCTION  1/3 of Firefox users run at least 1 extension  Extend, modify and control browser behavior  Provide rich functionality and add features  Browser extensions differ from browser plug-ins  Extensions -- 使用瀏覽器的擴充介面,用來加 強或增加瀏覽器功能的小程式  Plug-ins -- 使用 Netscape 提供的 NPAPI 為介面, 提供跨瀏覽器協力支援的程式。 4

5 I NTRODUCTION  Benign-but-buggy extensions  Extensions aren’t written by security experts  Extensions interact extensively with web sites  Firefox extensions run with the browser’s full privileges  An attacker can usurp the extension’s broad privileges 5

6 I NTRODUCTION  Attacking Example  R. S. Liverani and N. Freeman, “Abusing Firefox Extensions”, Defcon17, July 2009  install a remote desktop server on the user’s machine 6

7 O UTLINE  Introduction  Firefox Extension System  Attacks on Extensions  Limiting Firefox Extension Privileges  Google Chrome Extension System  Performance  Conclusion 7

8 F IREFOX E XTENSION S YSTEM  Attacks on Extensions 1. Cross-site Scripting 2. Replacing Native APIs 3. JavaScript Capability Leaks 4. Mixed Content  Firefox extensions  High privilege  Rich interaction with distrusted web content 8

9 F IREFOX E XTENSION S YSTEM  Limiting Firefox Extension Privileges ??  Review 25 Firefox extensions from the 13 categories  Behavior: How much privilege does an extension need?  Implementation: How much privilege does an extension receive? 9

10 F IREFOX E XTENSION S YSTEM  Firefox Security Severity Ratings: Firefox Security Severity Ratings  Critical  High  Medium  Low  None 10

11 F IREFOX E XTENSION S YSTEM  Result  Only 3 need critical privileges  The other 22 extensions exhibit a privilege gap 11

12 F IREFOX E XTENSION S YSTEM  Use the same interfaces 12

13 F IREFOX E XTENSION S YSTEM 13

14 O UTLINE  Introduction  Firefox Extension System  Google Chrome Extension System  Least privilege  Privilege separation  Strong isolation  Performance  Conclusion 14

15 G OOGLE C HROME E XTENSION S YSTEM  Least privilege  Explicitly requested in the extension’s manifest  Developers define privileges in manifest  Execute Arbitrary Code  Web Site Access  API Access 15

16 G OOGLE C HROME E XTENSION S YSTEM 16

17 G OOGLE C HROME E XTENSION S YSTEM  Privilege separation 17

18 G OOGLE C HROME E XTENSION S YSTEM  Isolation Mechanisms  Extension identity -- a public key in the extension’s URL  Process Isolation -- run in different processes  Isolated Worlds -- own JavaScript objects 18

19 G OOGLE C HROME E XTENSION S YSTEM 19

20 O UTLINE  Introduction  Firefox Extension System  Google Chrome Extension System  Performance  Conclusion 20

21 PERFORMANCE  Inter-component communication  Round-trip latency between content script & extension core: 0.8 ms  Isolated Worlds Mechanism  Add 33.3% overhead Add 33.3% overhead 21

22 O UTLINE  Introduction  Firefox Extension System  Google Chrome Extension System  Performance  Conclusion 22

23 CONCLUSION  Firefox extension system  Extensions are over-privileged  API needs to be tamed for least privilege  New extension system for Google Chrome  Developer encouraged to request few privileges  Extensions have a reduced attack surface 23

24 動動腦 ~ 一日,私塾裡大家都在讀經 … 只有家家東張西望 老師問家家 : 妳為什麼不念呢 ? 24 因為家家有本難念的經


Download ppt "張逸文 P ROTECTING B ROWSERS FROM E XTENSION V ULNERABILITIES NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt, University of."

Similar presentations


Ads by Google