web security browsers
play

Web Security: Browsers CS 161: Computer Security Prof. David Wagner - PowerPoint PPT Presentation

Jan 08, 2024 •1.09k likes •1.51k views

Web Security: Browsers CS 161: Computer Security Prof. David Wagner February 19, 2013 Announcements Midterm 1: in class, next Monday, here Midterm review session: Saturday 2/22, 2-4pm, 100 GPB Project 1 is now out; due Monday 3/3

  1. Web Security: Browsers CS 161: Computer Security Prof. David Wagner February 19, 2013

  2. Announcements • Midterm 1: in class, next Monday, here • Midterm review session: Saturday 2/22, 2-4pm, 100 GPB • Project 1 is now out; due Monday 3/3 • HW1 solutions are posted • No discussion sections next week

  3. Goals For Today • Web security challenges that are specific to web browsers – Quick reminder: web “ driveby ” attacks – Social engineering users: Clickjacking • Server-side solutions cannot fix these problems

  4. Dynamic Web Pages • Rather than static HTML, web pages can be expressed as a program, say written in Javascript : <title>Javascript demo page</title> <font size=30> Threats? Hello, <b> <script> Or what else? Or what else? var a = 1; Java, Flash, var b = 2; Active-X, PDF … document.write("world: ", a+b, "</b>"); </script>

  5. Drive-By Downloads Drive-By download = attack that infects your system just by you visiting a (malicious) web page. Your are now 0wnd!

  13. Defenses Against Driveby Attacks • Sandboxing: rich content (PDF, Flash, …) runs in a constrained environment – Implements Least Privilege • Disable unneeded functionality – Excessive featurism kills! – But not always practical • Patching / autoupdate – Still a race, and can be disruptive • Control exposure to untrusted sites – E.g., Google Safe Browsing : dynamically updated list of malware & phishing sites – Browser warns on any access …

  14. Misleading Users • Browser assumes clicks & keystrokes = clear indication of what the user wants to do – Constitutes part of the user’s trusted path • Attacker can meddle with integrity of this relationship in all sorts of ways …

  16. Stealing Keystrokes (demo)

  17. Misleading Users • Browser assumes clicks & keystrokes = clear indication of what the user wants to do – Constitutes part of the user’s trusted path • Attacker can meddle with integrity of this relationship in all sorts of ways … • Especially, recall the power of Javascript! – Alter page contents (dynamically) – Track events (mouse clicks, motion, keystrokes) – Read/set cookies – Issue web requests, read replies

  18. Using JS to Steal Facebook Likes Claim your FREE iPad • Bait-and-switch • Note: many of these attacks are similar to TOCTTOU (Time of Check to Time of Use) vulnerabilities From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  19. UI Subversion: Clickjacking • An attack application (script) compromises the context integrity of another application’s User Interface when the user acts on the UI Visual integrity Context integrity consists of Target is visible visual integrity + temporal integrity Pointer is visible 1. Target checked 2. Initiate click 3. Target clicked Temporal integrity Target clicked = Target checked Pointer clicked = Pointer checked From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  20. Compromise visual integrity – target • Hiding the target • Partial overlays $0.15 $0.15 Click From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  21. Compromise visual integrity – pointer • Manipulating cursor feedback Claim your FREE iPad From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  22. Clickjacking to Access the User’s Webcam Fake cursor Real cursor From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  23. Some Clickjacking Defenses • Require confirmation for actions (annoys users) • Frame-busting: Web site ensures that its “ vulnerable ” pages can’t be included as a frame inside another browser frame – So user can’t be looking at it with something invisible overlaid on top … – … nor have the site invisible above something else

  24. Attacker implements this attack by placing Twitter’s page in a “ Frame ” inside their own page. Otherwise the two pages wouldn’t overlap.

  25. Some Clickjacking Defenses • Require confirmation for actions (annoys users) • Frame-busting: Web site ensures that its “ vulnerable ” pages can’t be included as a frame inside another browser frame – So user can’t be looking at it with something invisible overlaid on top … – … nor have the site invisible above something else • Conceptually implemented with Javascript like: if ¡(top.location ¡!= ¡self.location) ¡ ¡ ¡ ¡ ¡top.location ¡= ¡self.location; ¡ (Note: actually quite tricky to get this right!) � • Current research considers more general approach … �

  26. InContext Defense (Research) • A set of techniques to ensure context integrity for user actions • Server opt-in approach – Let websites indicate their sensitive UIs – Let browsers enforce context integrity when users act on the sensitive UIs attacker.com attacker.com From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  27. Ensuring visual integrity of pointer • Remove cursor customization – Attack success: 43% -> 16% From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  28. Ensuring visual integrity of pointer • Freeze screen around target on pointer entry – Attack success: 43% -> 15% – Attack success (margin=10px): 12% – Attack success (margin=20px): 4% (baseline:5%) Margin=10px Margin=20px From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  29. Ensuring visual integrity of pointer • Lightbox effect around target on pointer entry – Attack success (Freezing + lightbox): 2% From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  30. Enforcing temporal integrity • UI delay: after visual changes on target or pointer, invalidate clicks for X ms – Attack success (delay=250ms): 47% -> 2% (2/91) – Attack success (delay=500ms): 1% (1/89) From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  31. Enforcing temporal integrity • Pointer re-entry: after visual changes on target, invalidate clicks until pointer re-enters target – Attack success: 0% (0/88) 31 From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  32. Other Forms of UI Sneakiness • Along with stealing events, attackers can use power of Javascript customization / dynamic changes to mess with the user ’ s mind … � • For example, the user may not be paying sufficient attention ... � – Tabnabbing � • Or they might find themselves living in The Matrix … �

  33. “ Browser in Browser ” Apparent browser is just a fully interactive image generated by Javascript running in real browser!

  34. Lessons • Clickjacking is an injection attack on the human brain • Trusted path is critical to security • The web security model was not designed with trusted path in mind • Changing the web security model is challenging, because of legacy constraints

  35. Discussion • So, how do these lessons apply to desktop applications? • Compare the security model for desktop apps: – Are desktop apps safer against these attacks? – Are desktop apps riskier against these attacks?

  37. Discussion • So, how do these lessons apply to mobile (smartphone/tablet) apps? • Compare the security model for mobile apps: – Are mobile apps safer against these attacks? – Are mobile apps riskier against these attacks?

Recommend

HTTP SECURITY HEADERS (Protection For Browsers) BIO Emmanuel JK Gbordzor ISO 27001 LI, CISA,

HTTP SECURITY HEADERS (Protection For Browsers) BIO Emmanuel JK Gbordzor ISO 27001 LI, CISA,

HTTP SECURITY HEADERS (Protection For Browsers) BIO Emmanuel JK Gbordzor ISO 27001 LI, CISA, CCNA, CCNA- Security, ITILv3, 11 years in IT About 2 years In Security Information Security Manager @ PaySwitch Head, Network &amp;

726 views • 27 slides
Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr) Digital Publishing Summit May 26, 2019 Automated typesetting and pagination for print Make PDF outputs of HTML contents from browsers Flux

823 views • 67 slides
Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies Iskander Sanchez-Rola, Igor Santos, Davide Balzarotti Extensions Browser extensions are the most popular technique currently available to extend the

722 views • 38 slides
An Analysis of Private Browsing Modes in Modern Browsers

An Analysis of Private Browsing Modes in Modern Browsers

Stanford Computer Security Lab An Analysis of Private Browsing Modes in Modern Browsers Gaurav Aggarwal, Elie Bursztein, Collin Jackson, Dan Boneh Usenix

653 views • 40 slides
Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable:

Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable:

Browser Security Guarantees through Formal Shim Verification Zachary Tatlock Dongseok Jang Sorin Lerner UC San Diego Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable: Pwn2Own, just a click to

862 views • 73 slides
chromozoom.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre,

chromozoom.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre,

chromozoom.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre, University of Toronto Samuel Lunenfeld Research Institute, Mt. Sinai Hospital genome browsers: lots of data small viewable area UCSC, GBrowse,

418 views • 24 slides
Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building

Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building

Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building a browser that can provably mitigate timing attacks Trusted Browsers Time and web browsers Mitigating attacks for A trusted browser

1.39k views • 85 slides
02. Web browsers and Web applications Nataliia Bielova

02. Web browsers and Web applications Nataliia Bielova

02. Web browsers and Web applications Nataliia Bielova @nataliabielova September 17 th , 2018 Web Privacy course University of Trento Today s class What is Web

647 views • 36 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
Producing media content for the browsers using GPAC Romain Bouqueau (GPAC Licensing) Cyril

Producing media content for the browsers using GPAC Romain Bouqueau (GPAC Licensing) Cyril

Producing media content for the browsers using GPAC Romain Bouqueau (GPAC Licensing) Cyril Concolato (Telecom ParisTech) 1 GPAC - FOSDEM 2015 Web &amp; Media Web Browsers are more and more capable of playing media data Either simply

171 views • 16 slides
Why are Web Browsers Slow on Smartphones? Zhen Wang (Rice) Felix Xiaozhu Lin (Rice) Lin Zhong

Why are Web Browsers Slow on Smartphones? Zhen Wang (Rice) Felix Xiaozhu Lin (Rice) Lin Zhong

Why are Web Browsers Slow on Smartphones? Zhen Wang (Rice) Felix Xiaozhu Lin (Rice) Lin Zhong (Rice) Mansoor Chishtie (TI) WINDOW TO THE CLOUD 2 Mobile browsers are slow 17 sec Nexus One (N1) HTC Dream (G1) 13 sec 12 sec 8 sec Top 10

745 views • 58 slides
The PUNCH Portal to Internet Computing: Run Any Software Anywhere via WWW Browsers Nirav H.

The PUNCH Portal to Internet Computing: Run Any Software Anywhere via WWW Browsers Nirav H.

The PUNCH Portal to Internet Computing: Run Any Software Anywhere via WWW Browsers Nirav H. Kapadia Jos e A. B. Fortes Mark S. Lundstrom School of Electrical and Computer Engineering Purdue University I. Introduction to PUNCH II. System

950 views • 47 slides
Applications and Applets An applet is a program delivered via the web security issues,

Applications and Applets An applet is a program delivered via the web security issues,

Applications and Applets An applet is a program delivered via the web security issues, sandbox model where does code/images/etc come from? How is it delivered? what browsers support the 1.1 AWT event model (what about 1.2)? Use

382 views • 3 slides
Ensuring Resource Trust and Integrity in Web Browsers using Blockchain Technology Benjamin

Ensuring Resource Trust and Integrity in Web Browsers using Blockchain Technology Benjamin

Introduction Conceptual Overview Peer Review Process Conclusion Ensuring Resource Trust and Integrity in Web Browsers using Blockchain Technology Benjamin Leiding 1 Clemens H. Cap 2 1 University of Gttingen, Germany

476 views • 21 slides
How to Run your Favorite Language on Web Browsers The Revenge of Virtual Machines Paris, le 4

How to Run your Favorite Language on Web Browsers The Revenge of Virtual Machines Paris, le 4

Benjamin Canou, Emmanuel Chailloux and Jrme Vouillon . . . How to Run your Favorite Language on Web Browsers The Revenge of Virtual Machines Paris, le 4 octobre 2011 WWW 2012, Lyon, France . Introduction . . Introduction 3/20 What

341 views • 20 slides
Designing the Browser @joshcarpenter, Google Oct 19 2016, W3C WebVR Workshop All browsers

Designing the Browser @joshcarpenter, Google Oct 19 2016, W3C WebVR Workshop All browsers

Designing the Browser @joshcarpenter, Google Oct 19 2016, W3C WebVR Workshop All browsers should... No UI dead zones: Maximize for creative freedom of 360 experiences. Do not take away real estate from developers by persisting browser UI

499 views • 16 slides
Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting

Morellian Analysis for Browsers: Making Web Authentication Stronger With Canvas Fingerprinting Pierre Laperdrix , Gildas Avoine, Benoit Baudry, Nick Nikiforakis DIMVA 2019 In Introduction Web attacks and data breaches 2 Attacks on the

945 views • 66 slides
Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao , Zongheng Ma, Yingtong Liu, Ardalan

Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao , Zongheng Ma, Yingtong Liu, Ardalan

Sugar: Secure GPU Acceleration in Web Browsers Zhihao Yao , Zongheng Ma, Yingtong Liu, Ardalan Amiri Sani, Aparna Chandramowlishwaran Trustworthy Systems Lab, UC Irvine 1 WebGL was released in 2011 Source: https://www.google.com/map 2 WebGL

846 views • 59 slides
Real-Time Communica/on in Web-browsers (RTCWeb) Michael

Real-Time Communica/on in Web-browsers (RTCWeb) Michael

Real-Time Communica/on in Web-browsers (RTCWeb) Michael Txen (tuexen@=-muenster.de) Outline RTCWeb overview Peer to peer protocol stack RTCWeb

490 views • 22 slides
A Reference Architecture for Web Browsers Alan Grosskurth and Michael W. Godfrey Software

A Reference Architecture for Web Browsers Alan Grosskurth and Michael W. Godfrey Software

A Reference Architecture for Web Browsers Alan Grosskurth and Michael W. Godfrey Software Architecture Group (SWAG) School of Computer Science University of Waterloo, Waterloo, Canada { agrossku,migod } @uwaterloo.ca 2005.09.29 1 Overview

600 views • 13 slides
UCSC interactive ucscin.org rethinking the UI of genome browsers Ted Pak Roth Laboratory

UCSC interactive ucscin.org rethinking the UI of genome browsers Ted Pak Roth Laboratory

UCSC interactive ucscin.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre, University of Toronto Samuel Lunenfeld Research Institute, Mt. Sinai Hospital motivation live demo how it works motivation live

1.14k views • 77 slides
Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre Laperdrix, Walter Rudametkin, Benoit Baudry 2/19 Example of a fingerprint Attribute Value User agent Mozilla/5.0 (X11; Linux i686; rv:25.0)

215 views • 19 slides
Fidelius: Protecting User Secrets from Compromised Browsers Saba Eskandarian , Jonathan Cogan,

Fidelius: Protecting User Secrets from Compromised Browsers Saba Eskandarian , Jonathan Cogan,

Fidelius: Protecting User Secrets from Compromised Browsers Saba Eskandarian , Jonathan Cogan, Sawyer Birnbaum, Peh Chang Wei Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia, Eric Gong, Hung T. Nguyen, Taresh K. Sethi, Vishal Subbiah,

718 views • 28 slides

More recommend