Download presentation
Presentation is loading. Please wait.
Published byCyrus Yarborough Modified over 9 years ago
1
張逸文 P ROTECTING B ROWSERS FROM E XTENSION V ULNERABILITIES NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt, University of California, Berkeley Prateek Saxena, University of California, Berkeley Aaron Boodman, Google,Inc.
2
O UTLINE Introduction Firefox Extension System Google Chrome Extension System Performance Conclusion 2
3
O UTLINE Introduction Extensions Benign-but-buggy Extensions Firefox Extension System Google Chrome Extension System Performance Conclusion 3
4
I NTRODUCTION 1/3 of Firefox users run at least 1 extension Extend, modify and control browser behavior Provide rich functionality and add features Browser extensions differ from browser plug-ins Extensions -- 使用瀏覽器的擴充介面,用來加 強或增加瀏覽器功能的小程式 Plug-ins -- 使用 Netscape 提供的 NPAPI 為介面, 提供跨瀏覽器協力支援的程式。 4
5
I NTRODUCTION Benign-but-buggy extensions Extensions aren’t written by security experts Extensions interact extensively with web sites Firefox extensions run with the browser’s full privileges An attacker can usurp the extension’s broad privileges 5
6
I NTRODUCTION Attacking Example R. S. Liverani and N. Freeman, “Abusing Firefox Extensions”, Defcon17, July 2009 install a remote desktop server on the user’s machine 6
7
O UTLINE Introduction Firefox Extension System Attacks on Extensions Limiting Firefox Extension Privileges Google Chrome Extension System Performance Conclusion 7
8
F IREFOX E XTENSION S YSTEM Attacks on Extensions 1. Cross-site Scripting 2. Replacing Native APIs 3. JavaScript Capability Leaks 4. Mixed Content Firefox extensions High privilege Rich interaction with distrusted web content 8
9
F IREFOX E XTENSION S YSTEM Limiting Firefox Extension Privileges ?? Review 25 Firefox extensions from the 13 categories Behavior: How much privilege does an extension need? Implementation: How much privilege does an extension receive? 9
10
F IREFOX E XTENSION S YSTEM Firefox Security Severity Ratings: Firefox Security Severity Ratings Critical High Medium Low None 10
11
F IREFOX E XTENSION S YSTEM Result Only 3 need critical privileges The other 22 extensions exhibit a privilege gap 11
12
F IREFOX E XTENSION S YSTEM Use the same interfaces 12
13
F IREFOX E XTENSION S YSTEM 13
14
O UTLINE Introduction Firefox Extension System Google Chrome Extension System Least privilege Privilege separation Strong isolation Performance Conclusion 14
15
G OOGLE C HROME E XTENSION S YSTEM Least privilege Explicitly requested in the extension’s manifest Developers define privileges in manifest Execute Arbitrary Code Web Site Access API Access 15
16
G OOGLE C HROME E XTENSION S YSTEM 16
17
G OOGLE C HROME E XTENSION S YSTEM Privilege separation 17
18
G OOGLE C HROME E XTENSION S YSTEM Isolation Mechanisms Extension identity -- a public key in the extension’s URL Process Isolation -- run in different processes Isolated Worlds -- own JavaScript objects 18
19
G OOGLE C HROME E XTENSION S YSTEM 19
20
O UTLINE Introduction Firefox Extension System Google Chrome Extension System Performance Conclusion 20
21
PERFORMANCE Inter-component communication Round-trip latency between content script & extension core: 0.8 ms Isolated Worlds Mechanism Add 33.3% overhead Add 33.3% overhead 21
22
O UTLINE Introduction Firefox Extension System Google Chrome Extension System Performance Conclusion 22
23
CONCLUSION Firefox extension system Extensions are over-privileged API needs to be tamed for least privilege New extension system for Google Chrome Developer encouraged to request few privileges Extensions have a reduced attack surface 23
24
動動腦 ~ 一日,私塾裡大家都在讀經 … 只有家家東張西望 老師問家家 : 妳為什麼不念呢 ? 24 因為家家有本難念的經
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.