Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America.

Published byJohanne Cottingham Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America."— Presentation transcript:

1 1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America Virtual Browser: a Virtualized Browser to Sandbox Third-party JavaScripts with Enhanced Security

2 Outline Introduction Related Work Design Security Analysis Evaluation Conclusions 2

3 Third-party JavaScripts are popular. –Web Mashups –Third-party Games –Widgets –Visitor Counters However, they share the same privilege as host web site, and thus –They can sabotage host web site. –They can exploit client browsers. So we propose: Virtual Browser, a virtualized browser built upon native browsers. Introduction 3

4 Outline Introduction Related Work Design Security Analysis Evaluation Conclusions 4

5 Related Work JavaScript level approaches –Static methods (ADSafe, FBJS, CoreScript, and Maffeis et al.) –Runtime Approaches (Microsoft Web Sandbox, and Google Caja) –Mixed Approaches (GateKeeper, Huang et al.) Native approaches –Browser modification (ConScript, MashupOS and WebJail) –Approaches using NaCl (AdSentry) –Approaches using iframes (AdJail and SMash) 5

6 JavaScript level approaches No dynamic JavaScript feature support (eval and with) Vulnerable to drive-by-download (especially unknown attacks) Vulnerable to browser quirks –Undocumented HTML/JavaScript parsing behavior such as is parsed as 6

7 Native approaches Modification to browsers. Many are vulnerable to drive-by-download attacks. 7

8 8

9 9

10 Therefore we propose: An approach that is (your take-away) –Robust to drive-by-download –Support dynamic JavaScript features –Supported by all the browsers –Robust to browser quirks 10 Virtual Browser

11 Outline Introduction Related Work Design Security Analysis Evaluation Conclusions 11

12 System Architecture 12

13 System Architecture 13

14 System Architecture 14 Only one parser: mitigating quirks

15 System Architecture 15

16 System Architecture 16

17 System Architecture 17

18 System Architecture 18

19 System Architecture 19

20 System Architecture 20

21 System Architecture 21

22 System Architecture 22

23 System Architecture 23 All written in JavaScript: supported by all browsers

24 System Architecture 24 Virtualization: Robust to drive-by- download

25 An Example 25 How to support dynamic features?

26 An Example 26

27 An Example 27

28 An Example 28

29 An Example 29

30 An Example 30

31 An Example 31

32 Outline Introduction Related Work Design Security Analysis Evaluation Conclusions 32

33 Security Analysis Isolating third-party JavaScript through Avoidance –Cutting off Outflows of Virtual Browser –Cutting off Inflows of Virtual Browser Communication between third-party JavaScript and trusted JavaScript –Data Security –Script Security –Securing Data Flows in Virtual Browser 33

34 Isolation through Avoidance Cutting off Outflows of Virtual Browser –We ensure third-party codes are trapped inside Virtual Browser. –An assumption: Any JavaScript code has to be parsed in the native JavaScript parsers before it can be executed in native browser. (1) Look up Manuals (2) Call Graph Analysis 34

35 Cutting off Outflows Cutting off Outflows of Virtual JavaScript Engine –Only eval and new Function will cause native parsing. –Call graph analysis also shows that. Cutting off Outflows of Virtual HTML and CSS parser :Similar So we avoid using eval and new Function in Virtual Browser source codes. 35

36 Cutting of Inflows Anonymous Object Encapsulation (function(){ this.evaluate= function () { codes } other codes }) (); 36

37 Communication through Redirection Data Security –General Data Security Mirrored Object Access Control –Such as Object Views 37 function String(s) { s = arguments.length ? "" + s : ""; if (this instanceof String){ this.value = s; return this; } return s; }

38 Communication through Redirection Data Security –Script Security Determined Scripts –Scripts that need immediate execution. (evaluate it) –Scripts that need delayed execution. (such as setTimeout) »Pseudo-function Pointer 38 setTimeout(function(){ execute(parsed node, exe context) },100)

39 Communication through Redirection Data Security –Script Security Undetermined Script –Privilege escalation may happen. –We are on par with existing solutions. –As shown by Finifter et al., we need to adopt narrow interface. 39

40 Securing Data Flows 40

41 Securing Data Flows 41 document.writeeval Redirect them back to virtual engine

42 Securing Data Flows 42 Prevented by encapsulation

43 Securing Data Flows 43 Privilege escalation: we are on par with existing solutions.

44 Securing Data Flows 44

45 Similar analysis can be applied to virtual CSS parser and HTML parser. 45

46 Outline Introduction Related Work Design Security Analysis Evaluation Conclusions 46

47 Evaluation Performance Evaluation –Speed –Memory Usage –Parsing Latency Browser Quirk Compatibility Robustness to Unknown JavaScript Vulnerability Completeness of Implementation 47

48 Performance Micro-benchmark 48 On par with Web Sandbox.

49 Performance Macro-benchmark (Game: Connect Four) 49

50 Memory Usage 50

51 Parsing Latency (JavaScript) 51

52 Parsing Latency (HTML) 52

53 Evaluation Robust to Browser Quirk –Robust to 113 browser quirks in XSS cheat sheet Robust to Unknown JavaScript Vulnerabilities –Robust to 14 JavaScript engine vulnerabilities in CVE Completeness of Implementation –Pass 96% test cases of ECMA-262 Edition 1 from Mozilla 53

54 Discussion Speed – Slow –Yes. However, latency is acceptable. –JavaScript engine is becoming faster and faster How do we deal with vulnerability of virtual engine? –Type safe language –Virtual engine adds another layer that make sure security. (Similar to Virtual Machine) 54

55 Outline Introduction Related Work Design Security Analysis Evaluation Conclusions 55

56 Conclusion We build Virtual Browser, a virtualized browser upon native browsers. We are –Robust to browser quirks. –Robust to drive-by-download. –Supported by all current browsers. –Support dynamic JavaScript features –And Slow – Yes, we are 56

57 Thanks Any Questions? 57

Download ppt "1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America."

Similar presentations

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
0 The Past, Present and Future of XSS Defense Jim Manico 2011 OWASP Brussels.

0 The Past, Present and Future of XSS Defense Jim Manico 2011 OWASP Brussels.
Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.

Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.
GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.

GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.
PathCutter: Severing the Self- Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao §, Vinod Yegneswaran †, Phillip Porras †, and.

PathCutter: Severing the Self- Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao §, Vinod Yegneswaran †, Phillip Porras †, and.
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Automated Web Patrol with Strider Honey Monkeys: Finding Web Sites That Exploit Browser Vulnerabilities AUTHORS: Yi-Min Wang, Doug Beck, Xuxian Jiang,

Automated Web Patrol with Strider Honey Monkeys: Finding Web Sites That Exploit Browser Vulnerabilities AUTHORS: Yi-Min Wang, Doug Beck, Xuxian Jiang,
Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.

Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks Yinzhi Cao*, Xiang Pan**, Yan Chen** and Jianwei Zhuge***

JShield: Towards Real-time and Vulnerability-based Detection of Polluted Drive-by Download Attacks Yinzhi Cao*, Xiang Pan**, Yan Chen** and Jianwei Zhuge***
Web Defacement Anh Nguyen May 6 th, 2010. Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.

Web Defacement Anh Nguyen May 6 th, Organization Introduction How Hackers Deface Web Pages Solutions to Web Defacement Conclusions 2.
DT211/3 Internet Application Development Active Server Pages & IIS Web server.

DT211/3 Internet Application Development Active Server Pages & IIS Web server.
Detection of Attacks with Proxy-based Execution Alex Kiaie, Benjamin Prosnitz, Yi Tang, Yinzhi Cao.

Detection of Attacks with Proxy-based Execution Alex Kiaie, Benjamin Prosnitz, Yi Tang, Yinzhi Cao.
ACTIVE X By Ethan Huang. OUTLINE What is ActiveX? Component of ActiveX Why ActiveX? ActiveX and Java Security Issue.

ACTIVE X By Ethan Huang. OUTLINE What is ActiveX? Component of ActiveX Why ActiveX? ActiveX and Java Security Issue.
Introduction to Web Application Architectures Web Application Architectures 18 th March 2005 Bogdan L. Vrusias

Introduction to Web Application Architectures Web Application Architectures 18 th March 2005 Bogdan L. Vrusias
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.

1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.
Redefining Web Browser Principals with a Configurable Origin Policy Yinzhi Cao, Vaibhav Rastogi, Zhichun Li†, Yan Chen and Alexander Moshchuk†† Northwestern.

Redefining Web Browser Principals with a Configurable Origin Policy Yinzhi Cao, Vaibhav Rastogi, Zhichun Li†, Yan Chen and Alexander Moshchuk†† Northwestern.
Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:

Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:

Similar presentations

Ads by Google