Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Replicated Execution for a More Secure and Reliable Browser Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King University of Illinois at Urbana.

Similar presentations


Presentation on theme: "Using Replicated Execution for a More Secure and Reliable Browser Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King University of Illinois at Urbana."— Presentation transcript:

1 Using Replicated Execution for a More Secure and Reliable Browser Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King University of Illinois at Urbana Champaign Source: NDSS '12 Reporter: MinHao WU https://netfiles.uiuc.edu/huixue2/www/cocktail.pptx

2 Outline Example Introduction Design Implementation Evaluation Conclusion 2

3 Browsers Are Not Safe Browsers are plagued with vulnerabilities ◦ Internet Explorer: 59 new vulnerabilities in 2010 ◦ Firefox: 100 new vulnerabilities in 2010 ◦ Safari: 119 new vulnerabilities in 2010 ◦ Chrome: 191 new vulnerabilities in 2010 3

4 Firefox Browser Exploit Example Firefox 3.0.x malicious popup by CVE-2009-3076 4

5 Opera: Exploit Fails Opera shows no popup 5

6 Reason: Browser Specific Vulnerabilities Different browsers different code bases The same bug often only in one browser 6

7 Cocktail: Mixing Browsers For Better Security 7

8 How Cocktail Works: Example 8 click HTTP GET Proxy HTTP GET a.com/i mg.png “a.com” server “a.com” server request img.png a.com/i mg.png ✓ ✓

9 How Cocktail Works: Example 9 click HTTP GET a.com/i mg.png “a.com” server “a.com” server request img.png a.com/i mg.png response img.png Qt DISPLAY Proxy ✓ ✓

10 Withstanding False Positive/Attack 10 click Proxy “a.com” server “a.com” server HTTP GET ✓ ✓ a.com/i mg.png HTTP GET a.com/questi on.png request img.png response img.png Qt DISPLAY

11 Observation : Opportunistic N-Version Programming 11 DOM Same specification “roughly” followed Different code base +

12 How to Compare Different Browsers? States to compare: display + network ◦ Display: vision based page layout abstraction Interaction with server Client side non-determinism 12

13 Challenge: Interaction with Server Pages from server can be different 13 “a.com” server “a.com” server A A B B C C

14 Solution Avoid major changes to browser ◦ Browsers self-update is easy ◦ Open source is not required Solution: proxy replication ◦ Replicate incoming network data with proxy  HTTPS handling: Man-in-the-middle 14

15 Solution: Proxy Replication One browser as seen by server 15 a.com server a.com server Page A Proxy Page A

16 Challenge: Client Side Non-determinism Same page content, different execution result 16 … randomId = Math.random(); url = “doubleclick.com?ad=” + randomId; … … randomId = Math.random(); url = “doubleclick.com?ad=” + randomId; …

17 Client Non-determinism Summary Script related randomness Browser specific behaviors ◦ E.g., Opera community 17 Random NumberMath.random() Date and Timenew Date() Browser Specific Valuewindow.opera; navigator.appName Browser Locale“EN” VS “en-US”………. …...

18 Solution Extension modifies script execution ◦ Overwrites Math, Date, window.opera Browser configuration change ◦ Disable Opera community ◦ Adjust browser locale 18 Firefox Cocktail Extension Cocktail Extension Opera Cocktail Extension Cocktail Extension Chrome Cocktail Extension Cocktail Extension

19 False Positive Browsers treat malformed URL differently 19 <iframe src=" http://www.adfusion.com/Adfusion.PartnerSite/ca tegoryhtml.aspx?userfeedguid=948fbed8-69ae-4659 -b3c1-b9863e5ab24e&clicktag=http://ads.bluelith ium.com/clk?2,13%...%2Flrec%2F,&CB={REQUES TID} width="300" height="250" scrolling="no" frameborder="0" marginheight="0" marginwidth="0” > Missing "

20 Why Cocktail Is More Secure Voting == Security Withstand some F.P. ◦ Only need 2 to proceed Ext. to eliminate non-determinism Looks like a good one Acts like a good one It is one uncompromised browser 20 Ckt Ext Ckt Ext Ckt Ext Ckt Ext Ckt Ext Ckt Ext Voting Proxy Voting Proxy DISPLA Y

21 Implementation 21

22 The UI component is responsible for providing the interface between the user and Cocktail, routing user input to each replica, and voting on the display states of each replica. The replica component maintains each browser replica, which all run in sandboxed environments. The network component is responsible for handling network requests from the replicas and voting on network requests. 22

23 UI replication ◦ Recorder and re-player: Extension ◦ Passing UI events across browsers: Proxy UI Display capturing and voting ◦ ImageMagick and OpenCV Proxy ◦ OpenSSL for MITM 23

24 Evaluation 24

25 Evaluation Security analysis ◦ User interaction: CVE-2009-3076 ◦ Heap overflow: CVE-2009-2477 ◦ DOS attack: Firefox 3.0.4 DOS, April 2009 ◦ Same origin policy bypassing: CVE-2007-0981 Performance ◦ 30% slower comparing to Firefox 25

26 Conclusion Mixing different browsers for better security ◦ Practical N-Version programming for browsers ◦ Cocktail mirrors all inputs across the different browser replicas and votes on all outputs to withstand attacks ◦ Our results showed that added little overhead to the page load latency times for the web sites we tested. 26


Download ppt "Using Replicated Execution for a More Secure and Reliable Browser Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King University of Illinois at Urbana."

Similar presentations


Ads by Google