HowILearnedtoStopWorrying andLovePlugins - - PowerPoint PPT Presentation

how i learned to stop worrying and love plugins
SMART_READER_LITE
LIVE PREVIEW

HowILearnedtoStopWorrying andLovePlugins - - PowerPoint PPT Presentation

Aug 29, 2022 118 likes •341 views

HowILearnedtoStopWorrying andLovePlugins ChrisGrier,SamuelT.King,DanS.Wallach UIUC,RiceUniversity BrowserPlugins

slide-1
SLIDE 1

How
I
Learned
to
Stop
Worrying
 and
Love
Plugins


Chris
Grier,
Samuel
T.
King,
Dan
S.
Wallach
 UIUC,
Rice
University


slide-2
SLIDE 2

Browser
Plugins


  • Plugins
enable
new
types
of
content
to
be
displayed
by


browsers


  • Rich
media,
interacGvity


  • Last
year
419
disclosed
plugin
vulnerabiliGes


– Acrobat,
Flash,
Java,
etc…



  • Plugins
can
provide
a
direct
means
to
take
over


computer
systems


– 99%
of
Internet
users
have
at
least
one
plugin
installed


2


slide-3
SLIDE 3

3


slide-4
SLIDE 4

Tuesday
news


4


Flash,
Acrobat
vulnerabiliGes
used
for
drive‐by
download
 
 CERT
release
says
malware
redirects
Google
search
results


slide-5
SLIDE 5

5


slide-6
SLIDE 6
  • hVp://www.flickr.com/photos/24967759@N00/2924995732/


6


slide-7
SLIDE 7

Current
state
of
the
art


  • FF/IE8



– No
control
over
plugins
 – AcGveX
sGll
poses
substanGal
security
risks


  • Chrome,
OP,
Gazelle


– Plugins
isolated
from
browser
 – OP/Gazelle
‐‐
plugins
use
browser
kernel
 – Chrome
supports
using
sandbox
for
plugins
 – What
policies
to
enforce?


7


slide-8
SLIDE 8

Plugin
policies


  • What
plugin
policies
should
we
use?

  • Start
looking
at
tradeoffs
with
security
vs.


funcGonality
and
compaGbility


8


slide-9
SLIDE 9

Outline


  • Browser
and
plugin
architectures

  • Plugin
capabiliGes

  • Proposed
policies

  • Preliminary
Flash
study


9


slide-10
SLIDE 10

IsolaGng
plugins


  • Plugin
in
a
sandbox


– Required
to
use
browser
 – Prevent
system
damage


  • Browser
handles
plugin


access


  • Possible
sandboxes


include


– NaCl,
OS‐level
sandboxes,


  • thers


10


Separate
protecGon
domains


slide-11
SLIDE 11

Benefits
of
using
browser


  • Browser
has
semanGc
informaGon
from


parsing
page


– Can
use
HTML
aVributes,
tags


  • Users
have
a
single
place
for
configuraGon
of


security
policy


11


slide-12
SLIDE 12

Plugin
capabiliGes


  • DOM

  • Network

  • Storage

  • Devices


12


slide-13
SLIDE 13

Proposed
policies


  • Goal:
Determine
acceptable
policies
for
plugins

  • Policy
for
each
of
the
different
areas
of
access

  • The
mechanism
exists,
we
need
to
develop


policies
that
are
reasonable


– Allow
funcGonality
 – Use
browser
to
enforce
security


  • Many
possibiliGes,
more
detail
in
paper


13


slide-14
SLIDE 14

Document
access


  • Rooted
subtree


– Web
page
author
specifies
an
 element
for
plugin
 – Plugin
has
access
to
the
element,
 can
modify
subtree


  • Clean
document


– Provide
the
plugin
with
access
to
 the
tags
and
structure
 – Remove
text,
aVributes


14


slide-15
SLIDE 15

Persistent
state


  • Jailed
access


– Filesystem
is
accessed
through
chroot
type
jails


  • AutomaGc


– Determine
global
vs.
local
state
automaGcally
 – ParGGon
the
plugins
accesses


15


slide-16
SLIDE 16

Network
access


  • Same‐company


– Origin
too
fine,
should
abstract
to
handle
popular
 use
like
content
delivery
networks
 – DNS
lookups
provide
hints
for
domain
ownership


  • All‐or‐one


– Plugins
can
choose:
any
network
access
or
local
 system
access
but
not
both


16


slide-17
SLIDE 17

Device
access


  • Don’t
let
plugins
determine
access
on
their
own


– Page,
user,
and
plugin
can
provide
hints


  • CapabiliGes


– Page
defines
a
set
of
capabiliGes
a
plugin
can
request,
 browser
policy
can
be
more
or
less
restricGve
 – Embedding
an
ad?
No
device
access.
 – Embedding
a
game?
Sound
playback
only.


17


slide-18
SLIDE 18

What
to
fix
first


  • A
quick
look
at
what
Flash
does
online

  • Minimize
impact
on
backwards
compaGbility
‐
get
the


mechanisms
and
policy
in
place.


  • Download
random
SWFs,
decode
and
inspect
which
APIs


are
used


– Networking/Socket:
68%
 – ExternalInterface,
LocalConnecGon:
1%
 – FileReference:
<1%

 – Media
APIs
for
camera/mic
access:
2%
 – Shared
objects
(flash
cookies):
2%


18


slide-19
SLIDE 19

Conclusion


  • Plugins
significantly
enhance
the
web
experience


– Adds
great
funcGonality
 – With
significant
security
problems


  • Browser
controls
can
enable
security
without


losing
funcGonality


  • Commercial
and
research
browsers
have


mechanisms
but
we
need
good
policies


19


slide-20
SLIDE 20

QuesGons?


20


slide-21
SLIDE 21

Specific
Flash
use


  • AdverGsement
(MS
Flash
ad
on
Facebook)


– No
network,
filesystem,
document
 – Sound
device
opened


  • Game
(Pandemic
2)


– No
document,
fs
access
 – Plays
sound,
opens
new
tabs
for
web
pages


  • Video
(Hulu)


– Stores
sepngs
using
flash
cookies
 – Fetches
video
content
with
networking
API
 – No
document
access
 – Full‐screen,
video
and
sound


21