cs 527 software security
play

CS-527 Software Security Browser Security Asst. Prof. Mathias Payer - PowerPoint PPT Presentation

Jun 18, 2023 •258 likes •434 views

CS-527 Software Security Browser Security Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Web Environment Table of Contents Web

  1. CS-527 Software Security Browser Security Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017

  2. Web Environment Table of Contents Web Environment 1 Design Principles 2 Browser isolation principles 3 Attack vectors 4 Summary and conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 2 / 16

  3. Web Environment Basics Uniform Resource Locators (URLs) allow global identification of retrievable documents, specifying both the protocol and location of the resource. Location is broken into hostname, port, path, query (a sequence of variable=value statements with & as delimeter), and fragment, e.g., protocol://hostname:port/path/?query#fragment The Hyper Text Transfer Protocol (HTTP) allows a host to fetch URLs from a remote server. HTTP is a simple stateless protocol where a client requests a page (including some auxiliary headers). The response contains the HTTP version, status code, reason, headers, length, and data in a simple human readable format. Mathias Payer (Purdue University) CS-527 Software Security 2017 3 / 16

  4. Web Environment Browsers Modern browsers have evolved into complex applications that retrieve and display html documents retrieved over http. The browser process handles entering and displaying of the URI. Upon receiving a new display request the browser process asks the browser engine if the location is cached; if not, it requests the page over http. The renderer process takes web page and renders it. A window/frame uses a basic execution model that loops between content loading, rendering, and reacting to events (user actions, rendering, or timing). Mathias Payer (Purdue University) CS-527 Software Security 2017 4 / 16

  5. Web Environment Rendering Rendering is not that simple. A bunch of different parsers handle data in different formats. There’s HTML, JavaScript, CSS, Images, and many more. All parsers and the JavaScript engine that allows dynamic code to be executed, update the Document Object Model (DOM) tree which is then “rendered”. Mathias Payer (Purdue University) CS-527 Software Security 2017 5 / 16

  6. Design Principles Table of Contents Web Environment 1 Design Principles 2 Browser isolation principles 3 Attack vectors 4 Summary and conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 6 / 16

  7. Design Principles Security goals A tab cannot compromise data on the system. A tab cannot compromise data in other tabs. A tab cannot hijack and control other tabs. Mathias Payer (Purdue University) CS-527 Software Security 2017 7 / 16

  8. Design Principles Different threat models Web attacker: may control a server and/or certificate. User actively visits the page (or app or ad). Network attacker: passive eavesdropper or active man in the middle (MITM), or ARP/DNS poisoning attack. OS attacker: exploit browser and control execution. Mathias Payer (Purdue University) CS-527 Software Security 2017 8 / 16

  9. Browser isolation principles Table of Contents Web Environment 1 Design Principles 2 Browser isolation principles 3 Attack vectors 4 Summary and conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 9 / 16

  10. Browser isolation principles Browser isolation The browser isolates fault domains through processes. The browser process controls a GPU process, a sandbox for each renderer, and a set of sandboxes for different plugins. Each sandbox is isolated from the system and other sandboxes. Each sandbox is reduced to the least privilege. On Linux, chrome uses seccomp secured processes to enforce isolation and least privilege. Mathias Payer (Purdue University) CS-527 Software Security 2017 10 / 16

  11. Attack vectors Table of Contents Web Environment 1 Design Principles 2 Browser isolation principles 3 Attack vectors 4 Summary and conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 11 / 16

  12. Attack vectors Heap spraying Browser sandboxes are very constrained but an attacker may execute arbitrary code through JavaScript. Vulnerabilities like use-after-free are often imprecise due to variance in the heap (i.e., where objects are allocated). Idea: spray a large amount of the same object across the heap, allocating many objects. Only one object will then have to be hit in the exploit. Heap spraying conceptually solves the same problem as NOP slides. How would you detect heap spraying? Mathias Payer (Purdue University) CS-527 Software Security 2017 12 / 16

  13. Attack vectors Information leaks Browsers have several side channels that allow an attacker to identify “loaded” resources. Web cache-based attacks: image/script load times Identification: supported fonts, plugin versions, sites visited System cache-based attacks: rowhammer, covert channels. Mathias Payer (Purdue University) CS-527 Software Security 2017 13 / 16

  14. Summary and conclusion Table of Contents Web Environment 1 Design Principles 2 Browser isolation principles 3 Attack vectors 4 Summary and conclusion 5 Mathias Payer (Purdue University) CS-527 Software Security 2017 14 / 16

  15. Summary and conclusion Summary Browsers leverage HTTP and URLs to retrieve HTML documents. Browsers run individual webpages at least privileges in isolation. An attacker may control the content of the website at different levels. Vulnerabilities in the browser allow an attacker to escape and escalate privileges. Two examples of attack vectors are heap spraying and side channels. Mathias Payer (Purdue University) CS-527 Software Security 2017 15 / 16

  16. Summary and conclusion Questions? ? Mathias Payer (Purdue University) CS-527 Software Security 2017 16 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Software In-Security Buffer overflows Overview Web Application security Malware OS

Software In-Security Buffer overflows Overview Web Application security Malware OS

Lecture overview Table of contents: Introduction to SW security Software In-Security Buffer overflows Overview Web Application security Malware OS security topics Code scanning Emmanuel Benoist Taught by Ulrich

479 views • 13 slides
CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412

CS-412 Software Security Introduction Mathias Payer EPFL, Spring 2019 Mathias Payer CS-412 Software Security Course outline Secure software lifecycle Security policies Attack vectors Defense strategies: mitigations and testing Case

681 views • 49 slides
CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer

CS412 Software Security Secure Software Lifecycle Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are cost/labor

449 views • 23 slides
CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Web (and internet) security: two views Just a long running network service Complex application with multiple layers and components.

577 views • 47 slides
Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a

Introduction Gang Tan Penn State University Spring 2019 CMPSC 447: Software Security Why a course on software security? Software plays a major role in the modern society But is a major source of security problems. Software is the

659 views • 30 slides
Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr

Secure Software Development TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Agenda Securing the software

1.91k views • 65 slides
Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the

Chapter 11 Software Security Secure programs Security implies some degree of trust that the program enforces expected C onfidentiality I ntegrity A vailability How can we look at software component and assess its

837 views • 49 slides
CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018

CS527 Software Security Secure Software Lifecycle Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Software liveliness Software is not a one-shot effort Software development, production, and maintenance are

725 views • 23 slides
Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA)

Web Security TDDC90 Software Security Ulf Kargn Institutionen fr Datavetenskap (IDA) Avdelningen fr Databas- och Informationsteknik (ADIT) Original slides by Marcus Bendtsen Some recent attacks 2 A game changer The Internet

1.17k views • 87 slides
Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in

Software Security Return to Libc and ROP Jan Nordholz Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2014 jan (sect) Software Security SoSe 2014 1 / 13 Recap: Overflow Bugs Ingredients: fixed-size buffer on the

429 views • 13 slides
CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer

CS527 Software Security Web Security Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Daemons / Services / Servers A daemon is a long running service that serves outside requests. A web server, a mail

503 views • 31 slides
A new multidimensional-type reconstruction and limiting procedure for unstructured (cell-centered)

A new multidimensional-type reconstruction and limiting procedure for unstructured (cell-centered)

A new multidimensional-type reconstruction and limiting procedure for unstructured (cell-centered) FVs solving hyperbolic conservation laws Argiris I. Delis & Ioannis K. Nikolos (TUC) Department of Sciences-Division of Mathematics

1.1k views • 95 slides
Solving Non-deterministic Planning Problems with Pattern Database Heuristics Pascal Bercher

Solving Non-deterministic Planning Problems with Pattern Database Heuristics Pascal Bercher

, Formalization & Search PDB-Heuristic Benchmarks Conclusion Solving Non-deterministic Planning Problems with Pattern Database Heuristics Pascal Bercher Robert Mattm uller Institute of Artificial Intelligence Department of Computer

865 views • 28 slides
Reconfigurable Acceleration Fabric Mingyu Gao , Christina Delimitrou, Dimin Niu, Krishna Malladi,

Reconfigurable Acceleration Fabric Mingyu Gao , Christina Delimitrou, Dimin Niu, Krishna Malladi,

DRAF: A Low-Power DRAM-based Reconfigurable Acceleration Fabric Mingyu Gao , Christina Delimitrou, Dimin Niu, Krishna Malladi, Hongzhong Zheng, Bob Brennan, Christos Kozyrakis ISCA June 22, 2016 FPGA-Based Accelerators Improve performance

555 views • 23 slides
PASSE MEETING This event is sponsored by the TBI Advisory Board Workgroup, specifically the

PASSE MEETING This event is sponsored by the TBI Advisory Board Workgroup, specifically the

PASSE MEETING This event is sponsored by the TBI Advisory Board Workgroup, specifically the Underserved Populations Sub-Workgroup and the Trust Fund/Waiver Sub-Workgroup The purpose of this meeting is to learn about PASSE and discuss the

403 views • 16 slides
University . BONORA - IRTESTE FEST : Sissa 2015 July 1.2 , , THE LIOUVILLE Equation

University . BONORA - IRTESTE FEST : Sissa 2015 July 1.2 , , THE LIOUVILLE Equation

LIOUVILLE ASPECTS ARITHMETIC OF Alotrovamoh ' ettore Florida State University . BONORA - IRTESTE FEST : Sissa 2015 July 1.2 , , THE LIOUVILLE Equation tzet * - . THE EQUATION LIOUVILLE U C- C U ,R ) ( . ye ,

512 views • 28 slides
UEC Quality of Life Committee Frank Chlebana, Fermilab (chair) Your name here (deputy) TBD

UEC Quality of Life Committee Frank Chlebana, Fermilab (chair) Your name here (deputy) TBD

UEC Quality of Life Committee Frank Chlebana, Fermilab (chair) Your name here (deputy) TBD Nov 17, 2017 Quality of Life We had a QoL subcommittee meeting on Dec 12, 2017 Apologies that the meeting was not broadly advertised Propose we

498 views • 7 slides
Science One Math March 21, 2018 Announcements Webwork MATH 2.9 due on Saturday short, on

Science One Math March 21, 2018 Announcements Webwork MATH 2.9 due on Saturday short, on

Science One Math March 21, 2018 Announcements Webwork MATH 2.9 due on Saturday short, on sequences and geometric series WebWork MATH 2.10 due a week on Saturday on convergence tests, start working on it NOW Todays evening

397 views • 17 slides
Leaving Certificate Applied Hotel Catering and Tourism Aims To help students develop

Leaving Certificate Applied Hotel Catering and Tourism Aims To help students develop

15/05/2013 Leaving Certificate Applied Hotel Catering and Tourism Aims To help students develop competencies of a broad personal and vocational nature. To promote and develop social inclusion, teamwork, quality consciousness,

348 views • 20 slides

More recommend