static enforcement of web application integrity
play

Static Enforcement of Web Application Integrity William Robertson - PowerPoint PPT Presentation

Jun 23, 2023 •13 likes •433 views

Static Enforcement of Web Application Integrity William Robertson and Giovanni Vigna { wkr,vigna } @cs.ucsb.edu Computer Security Group UC Santa Barbara 13 August 2009 (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 1 / 28

  1. Static Enforcement of Web Application Integrity William Robertson and Giovanni Vigna { wkr,vigna } @cs.ucsb.edu Computer Security Group UC Santa Barbara 13 August 2009 (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 1 / 28

  2. Web applications are... ◮ easy to develop (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 2 / 28

  3. Web applications are... ◮ easy to develop ◮ easy to deploy (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 2 / 28

  4. Web applications are... ◮ easy to develop ◮ easy to deploy ◮ easy to update (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 2 / 28

  5. Web applications are... ◮ easy to develop ◮ easy to deploy ◮ easy to update ◮ accessible from everywhere (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 2 / 28

  6. ...and broken FAA Review of Web Applications Security and Intrusion Detection in Air Traffic Control Systems Report Number: FI-2009-049 Date Issued: May 4, 2009 (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 3 / 28

  7. ...and broken FAA Review of Web Applications Security and Intrusion Detection in Air Traffic Control Systems Report Number: FI-2009-049 Date Issued: May 4, 2009 (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 3 / 28

  8. A pervasive problem (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 4 / 28

  9. Cross-site scripting <input type="hidden" name="m" value="$var"/> (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 5 / 28

  10. Cross-site scripting <input type="hidden" name="m" value="x"/> (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 5 / 28

  11. Cross-site scripting <input type="hidden" name="m" value="x"/> <script src="http://evil.com/x.js"> </script> <span id="x"/> (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 5 / 28

  12. SQL injection UPDATE users SET passwd=’$var’ WHERE login=’user’ (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 6 / 28

  13. SQL injection UPDATE users SET passwd=’l33r0y’ WHERE login=’user’ (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 6 / 28

  14. SQL injection UPDATE users SET passwd=’l33r0y’ WHERE login=’admin’--’ WHERE login=’user’ (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 6 / 28

  15. Existing solutions ◮ Web application firewalls ◮ Automated static, dynamic analyses ◮ Penetration testing and code auditing (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 7 / 28

  16. Why are web apps vulnerable? ◮ Web documents and database queries treated as unstructured character sequences ◮ No knowledge of structure and content at the framework level ◮ Developers responsible for manually sanitizing content ◮ Failure to preserve integrity of document and database query structure (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 8 / 28

  17. A language-based solution ◮ Explicitly denote structure and content within language using the type system ◮ Language is responsible for preserving application integrity ◮ Lift burden as much as possible from the developer ◮ No testing, separate analyses, policy specifications ◮ Web application compiles → application is safe (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 9 / 28

  18. Framework overview ◮ Haskell-based application framework prototype ◮ Application implemented as set of functions executing within the App monad stack ◮ HTTP requests routed to functions ◮ Functions perform computations and return documents (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 10 / 28

  19. Documents Document DocHead DocBody TitleNode LinkNode DivNode DivNode AnchorNode TextNode TextNode (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 11 / 28

  20. Document nodes data Node = TextNode { nodeText :: String } | AnchorNode { anchorAttrs :: NodeAttrs, anchorHref :: Maybe Url, ... anchorNodes :: [Node] } | DivNode { divAttrs :: NodeAttrs, divNodes :: [Node] } ... (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 12 / 28

  21. Document nodes data Node = TextNode { nodeText :: String } | AnchorNode { anchorAttrs :: NodeAttrs, anchorHref :: Maybe Url, ... anchorNodes :: [Node] } | DivNode { divAttrs :: NodeAttrs, divNodes :: [Node] } ... (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 12 / 28

  22. Document nodes data Node = TextNode { nodeText :: String } | AnchorNode { anchorAttrs :: NodeAttrs, anchorHref :: Maybe Url, ... anchorNodes :: [Node] } | DivNode { divAttrs :: NodeAttrs, divNodes :: [Node] } ... (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 12 / 28

  23. Document nodes data Node = TextNode { nodeText :: String } | AnchorNode { anchorAttrs :: NodeAttrs, anchorHref :: Maybe Url, ... anchorNodes :: [Node] } | DivNode { divAttrs :: NodeAttrs, divNodes :: [Node] } ... (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 12 / 28

  24. Enforcing document integrity ◮ Type system restricts applications to constructing Document trees ◮ f :: HttpRequest -> App Document ◮ Framework is responsible for rendering tree into text (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 13 / 28

  25. Document rendering Document <html> <head> DocHead DocBody <title>...</title> </head> <body> <div> TitleNode LinkNode DivNode DivNode <a href="...">...</a> </div> ... <div> </div> AnchorNode TextNode </body> </html> TextNode Web Application Framework (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 14 / 28

  26. Node sanitization class Render a where render :: a -> String ◮ Nodes implement Render typeclass ◮ render sanitizes data given context (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 15 / 28

  27. Database queries UPDATE users SET passwd=? WHERE login=? ◮ Mechanism already exists to fix query structure – prepared statements ◮ App monad controls access to database functions (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 16 / 28

  28. Database queries UPDATE users SET passwd=? WHERE login=? ◮ Mechanism already exists to fix query structure – prepared statements ◮ App monad controls access to database functions (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 16 / 28

  29. Enforcing static query integrity Application AppConfig AppState AppIO IO (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 17 / 28

  30. Not all queries are static SELECT * FROM users WHERE login IN (’admin’) (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 18 / 28

  31. Not all queries are static SELECT * FROM users WHERE login IN (’admin’, ’devel’) (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 18 / 28

  32. Not all queries are static SELECT * FROM users WHERE login IN (’admin’, ’devel’, ’test’) (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 18 / 28

  33. Enforcing dynamic query integrity SELECT ["*"] ["users"] IN "login" SET "admin" "devel" "test" (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 19 / 28

  34. Sanitization evaluation ◮ Performed control flow analysis of framework to evaluate coverage of sanitization functions ◮ Evaluated correctness of individual sanitization functions (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 20 / 28

  35. Sanitization function coverage (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 21 / 28

  36. Sanitization function correctness ◮ Test-driven approach to check correctness ◮ Number of invariants manually specified ◮ 1,000,000 random test cases generated using QuickCheck ◮ Test cases for malicious examples (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 22 / 28

  37. Sanitization function invariants propAttrValueSafe :: AttrValue -> Bool propAttrValueSafe input = (not $ elem ’<’ output) && (not $ elem ’>’ output) && (not $ elem ’&’ $ stripEntities output) && (not $ elem ’"’ output) where output = render input (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 23 / 28

  38. Performance ◮ Implemented web application using three frameworks ◮ Haskell ◮ Pylons ◮ Tomcat ◮ Evaluated throughput and latency (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 24 / 28

  39. Latency (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 25 / 28

  40. Throughput (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 26 / 28

Recommend

Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty

Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty

Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty Policies in Usage Control Jianfeng Lu, Ruixuan Li, Zhengding Lu, Ji Jinwei Hu, and Xiaopu Ma i H d Xi M Huazhong University of Science and

625 views • 25 slides
Gatekeeper Mostly Static Enforcement of Security &amp; Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security &amp; Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security &amp; Reliability Policies for JavaScript Code Salvatore Guarnieri, University of Washington Ben Livshits, Microsoft Research 1 alert (hi); program malicious Catch me if you can dont

828 views • 26 slides
KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR

KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR KILOBAR KILOBAR KILOBAR INTEGRITY KILOBAR INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY INTEGRITY Blockchain &amp; Security Ruth Crowell, Chief Executive Asia Pacific Precious Metals

460 views • 10 slides
Preserving Linked Data on the Semantic Web by the application of Link Integrity techniques from

Preserving Linked Data on the Semantic Web by the application of Link Integrity techniques from

Preserving Linked Data on the Semantic Web by the application of Link Integrity techniques from Hypermedia Rob Vesse, Wendy Hall and Les Carr {rav08r,wh,lac}@ecs.soton.ac.uk 27 April 2010 Link Integrity Aims to ensure that a Link is valid

430 views • 14 slides
Module 5: Implementing Data Integrity Overview Types of Data Integrity Enforcing Data

Module 5: Implementing Data Integrity Overview Types of Data Integrity Enforcing Data

Module 5: Implementing Data Integrity Overview Types of Data Integrity Enforcing Data Integrity Defining Constraints Types of Constraints Disabling Constraints Using Defaults and Rules Deciding Which Enforcement Method

260 views • 23 slides
Static Code Analysis of Complex PHP Application Vulnerabilities Johannes Dahse Static Code

Static Code Analysis of Complex PHP Application Vulnerabilities Johannes Dahse Static Code

Static Code Analysis Automatisierte Sicherheitsanalyse of Complex PHP Application Vulnerabilities von Webapplikationen Static Code Analysis of Complex PHP Application Vulnerabilities Johannes Dahse Static Code Analysis Automatisierte

1.48k views • 89 slides
in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

Monitoring of enforcement in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order Ordering enforcement Authorities court notary public Enforcement order certificate of enforcement

540 views • 12 slides
Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables all instances of the class share the same static variable example: serial/VIN number for Car static methods invoked through class

324 views • 7 slides
Reducing the overhead of direct application instrumentation using prior static analysis 3 rd May

Reducing the overhead of direct application instrumentation using prior static analysis 3 rd May

Mitglied der Helmholtz-Gemeinschaft Reducing the overhead of direct application instrumentation using prior static analysis 3 rd May 2011 | Jan Muler, Daniel Lorenz, Felix Wolf Overview Performance analysis with Scalasca Filtering

435 views • 19 slides
Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich,

Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich,

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich, Hari Kannan, Michael Dalton and Christos Kozyrakis Dresden,

553 views • 14 slides
Static Analysis For Improved Application Performance And Quality Eric Cloninger

Static Analysis For Improved Application Performance And Quality Eric Cloninger

Static Analysis For Improved Application Performance And Quality Eric Cloninger (ericc@motorola.com) Product Line Manager, Development Tools Motorola Mobility Housekeeping bit.ly bundle for all content - http://bitly.com/nwJ1Jj @ecmoto

401 views • 19 slides
1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

Static/ Dynamic Deformation I ntroduction to Static deformation Dynamic deformation Static/ Dynamic Deformation with Mass-Spring Systems undeformed shape f internal + = f inertia = 0 f external Min Gyu Choi deformed

426 views • 4 slides
ilab Lab 3 Dynamic Routing Static Routing TCP/ IP ISO/ OSI Concepts, Hardware, Software

ilab Lab 3 Dynamic Routing Static Routing TCP/ IP ISO/ OSI Concepts, Hardware, Software

Lehrstuhl fr Netzarchitekturen und Netzdienste Institut fr Informatik Technische Universitt Mnchen ilab Lab 3 Dynamic Routing Static Routing TCP/ IP ISO/ OSI Concepts, Hardware, Software Minicom Application Application

722 views • 24 slides
14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10%

1.12k views • 45 slides
JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

Assistant Commander Brandi Reeder Law Enforcement Division - Fisheries Law Administrator JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement Agreement One of the most effective programs in NOAAs

600 views • 30 slides
Need for concerted efforts to implement research integrity in academic institutions Presented by

Need for concerted efforts to implement research integrity in academic institutions Presented by

Need for concerted efforts to implement research integrity in academic institutions Presented by ANWAR ALI SIDDIQUI The Aga Khan University Karachi, Pakistan INTRODUCTION Research integrity is the coherent and consistent application of

628 views • 14 slides
230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10% of

889 views • 55 slides
Oil and Gas Update Citizens Advisory Council April 21, 2015 Roadmap Overview Enforcement

Oil and Gas Update Citizens Advisory Council April 21, 2015 Roadmap Overview Enforcement

Oil and Gas Update Citizens Advisory Council April 21, 2015 Roadmap Overview Enforcement Integrity and Transparency Surface Activities Rulemaking Vision for the Future Question and Answer Session Total Well Applications

616 views • 30 slides
CS314 Software Engineering Web Development Dave Matthews Web application evolution Static

CS314 Software Engineering Web Development Dave Matthews Web application evolution Static

9/12/18 CS314 Software Engineering Web Development Dave Matthews Web application evolution Static server pages Active server pages Mobile server pages Single page applications 1 9/12/18 Static server pages Active server

213 views • 7 slides
Austin Hackett UNCLASSIFIED/UNLIMITED DISTIBUTION GIS in Law Enforcement Planning and

Austin Hackett UNCLASSIFIED/UNLIMITED DISTIBUTION GIS in Law Enforcement Planning and

Austin Hackett UNCLASSIFIED/UNLIMITED DISTIBUTION GIS in Law Enforcement Planning and analysis Data management Situational awareness/ Field Operations Contingency Preparation UNCLASSIFIED/UNLIMITED DISTIBUTION Static Reports

394 views • 8 slides
Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications Adam

Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications Adam

Static Checking of Dynamically-Varying Security Policies in Database-Backed Applications Adam Chlipala OSDI 2010 Beyond Code Injection 1.Injection An application includes an Dependent on application-specific unintended run-time program

595 views • 20 slides
Professional Integrity to Testing &amp; Certification Practitioners Integrity Training for PCSTP

Professional Integrity to Testing &amp; Certification Practitioners Integrity Training for PCSTP

Professional Integrity to Testing &amp; Certification Practitioners Integrity Training for PCSTP Applicants Hong Kong Ethics Development Centre Independent Commission Against Corruption Competence Requirement Integrity Management

574 views • 23 slides
Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&amp;V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
LESSONS LEARNED Research Integrity Some Thoughts Integrity is doing the right thing when

LESSONS LEARNED Research Integrity Some Thoughts Integrity is doing the right thing when

Mr. Gianfranco Scipione, M.Sc., J.D./M.B.A. Manager, Research Integrity UHN Research Ms. Katie Roposa, BScN, MEd, RN, CMQ/OE Director, Research Quality Integration UHN Research LESSONS LEARNED Research Integrity Some Thoughts Integrity

623 views • 21 slides

More recommend