intercepting suspicious chrome extension actions
play

Intercepting Suspicious Chrome Extension Actions Michael Cypher - PowerPoint PPT Presentation

Dec 06, 2022 •21 likes •561 views

Intercepting Suspicious Chrome Extension Actions Michael Cypher Department of Computing Imperial College London June 26, 2017 Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 1 / 31

  1. Intercepting Suspicious Chrome Extension Actions Michael Cypher Department of Computing Imperial College London June 26, 2017 Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 1 / 31

  2. Chrome Browser User Usage Most popular desktop browser (62%) and browser in general (52%) and is used to execute sensitive web applications Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 2 / 31

  3. Chrome Browser Multi-process Architecture Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 3 / 31

  4. Chrome Extensions The same-origin policy prevents attackers from executing arbitrary code on web-pages, right? Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 4 / 31

  5. Chrome Extensions The same-origin policy prevents attackers from executing arbitrary code on web-pages, right? Not if they’re extensions! Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 4 / 31

  6. Chrome Extensions The same-origin policy prevents attackers from executing arbitrary code on web-pages, right? Not if they’re extensions! Extensions can execute content scripts on pages (if granted permission by users) Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 4 / 31

  7. Chrome Extensions The same-origin policy prevents attackers from executing arbitrary code on web-pages, right? Not if they’re extensions! Extensions can execute content scripts on pages (if granted permission by users) have access powerful Chrome extension APIs Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 4 / 31

  8. Chrome Extensions The same-origin policy prevents attackers from executing arbitrary code on web-pages, right? Not if they’re extensions! Extensions can execute content scripts on pages (if granted permission by users) have access powerful Chrome extension APIs are assumed to be benign-but-buggy and not malicious ! Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 4 / 31

  9. Extension System Architecture Security Model Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 5 / 31

  10. Malicious Extensions Permission model does not protect users from malicious extensions! Malicious extensions may provide useful functionality Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 6 / 31

  11. Malicious Extensions Permission model does not protect users from malicious extensions! Malicious extensions may provide useful functionality Content scripts can carry out attacks using standard Web APIs Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 6 / 31

  12. Malicious Extensions Threats Several threats are widespread on Chrome Web Store 1 Facebook hijacking present in 4,809 extensions (2012 - 2015) Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 7 / 31

  13. Malicious Extensions Threats Several threats are widespread on Chrome Web Store 1 Facebook hijacking present in 4,809 extensions (2012 - 2015) 2 Ad Injection present in 3,496 extensions Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 7 / 31

  14. Malicious Extensions Threats Several threats are widespread on Chrome Web Store 1 Facebook hijacking present in 4,809 extensions (2012 - 2015) 2 Ad Injection present in 3,496 extensions 3 User Tracking Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 7 / 31

  15. Malicious Extensions Threats Several threats are widespread on Chrome Web Store 1 Facebook hijacking present in 4,809 extensions (2012 - 2015) 2 Ad Injection present in 3,496 extensions 3 User Tracking Google automatically analyzes extensions for malice in sandboxes before publishing them but provides no guarantees Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 7 / 31

  16. Project Goals 1 Protect users from malicious extensions and provide security guarantees Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 8 / 31

  17. Project Goals 1 Protect users from malicious extensions and provide security guarantees 2 Break minimal benign web applications and extensions Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 8 / 31

  18. Project Goals 1 Protect users from malicious extensions and provide security guarantees 2 Break minimal benign web applications and extensions 3 Not incur a significant performance overhead Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 8 / 31

  19. Intercepting Suspicious Chrome Extension Actions Our approach... Analyze extension behaviour at run-time and ask users to allow or prevent suspicious actions! Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 9 / 31

  20. Intercepting Suspicious Chrome Extension Actions Project Challenges Project challenges What extension actions do we consider suspicious? Differentiating between extension actions and other script actions Improving user experience and suspicious action classification Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 10 / 31

  21. Suspicious Actions Focus on content script operations and add permissions around standard Web APIs that harm users EventTarget.click() Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 11 / 31

  22. Suspicious Actions Focus on content script operations and add permissions around standard Web APIs that harm users EventTarget.click() Node.appendChild() (45% of malware) Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 11 / 31

  23. Suspicious Actions Focus on content script operations and add permissions around standard Web APIs that harm users EventTarget.click() Node.appendChild() (45% of malware) XMLHttpRequest.send() (52% of malware) Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 11 / 31

  24. Suspicious Actions Focus on content script operations and add permissions around standard Web APIs that harm users EventTarget.click() Node.appendChild() (45% of malware) XMLHttpRequest.send() (52% of malware) Filter out benign events, or operations on elements not attached to DOM. Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 11 / 31

  25. Suspicious Actions Configuring Suspicious Actions Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 12 / 31

  26. Intercepting Suspicious Chrome Extension Actions Project Challenges Project challenges What extension actions do we consider suspicious? Differentiating between extension actions and other script actions Improving user experience and suspicious action classification Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 13 / 31

  27. Detecting Extension Actions Alternatives Neither approach provides security guarantees Measuring the ordering and frequency of events Transforming content script JavaScript to taint methods Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 14 / 31

  28. Detecting Extension Actions Using the Isolated World Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 15 / 31

  29. Detecting Extension Actions Using the Isolated World Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 15 / 31

  30. Script Injection Executing Scripts in the Main World Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 16 / 31

  31. Script Injection Executing Scripts in the Main World Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 16 / 31

  32. Script Injection Executing Scripts in the Main World Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 16 / 31

  33. Intercepting Suspicious Chrome Extension Actions Project Challenges Project challenges What extension actions do we consider suspicious? Differentiating between extension actions and other script actions Improving user experience and suspicious action classification Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 17 / 31

  34. Describing Suspicious Actions Improving User Experience Users need to be able to correctly classify suspicious actions Let web-pages describe elements themselves Highlight or scroll to element under question Michael Cypher (Imperial College London) Intercepting Suspicious Chrome Extension Actions June 26, 2017 18 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction Presenter: Jienan Liu Network, Intelligence & security Lab What is Chrome

Introduction Presenter: Jienan Liu Network, Intelligence & security Lab What is Chrome

Chrome Extension Introduction Presenter: Jienan Liu Network, Intelligence & security Lab What is Chrome Extension Extension Small software programs that can modify and enhance the functionality of the Chrome browser. Written

576 views • 18 slides
Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1 Courtesy of

Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1 Courtesy of

Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1 Courtesy of W3Counter 2 Courtesy of W3Counter 3 Chrome has ~190,000 Google Chrome extensions released 2010 2020 2008 2019 Chrome adds Chrome removes

1.07k views • 105 slides
5. Note two things, the box now says, Added to Chrome. Notice the Blue box with an S (for Snagit)

5. Note two things, the box now says, Added to Chrome. Notice the Blue box with an S (for Snagit)

Snagit for Google Chrome: Instructions IMPORTANT. You will need to be in Chrome and Not on Chrome for this app to work. (go to Chrome first, then go to whatever site you plan to screencast.) 1. Open Chrome, Type in Snagit for Chrome.

184 views • 3 slides
Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline

Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline

Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline Chrome extension introduction Threats towards extension Chrome extensions security architecture What is Chrome

348 views • 23 slides
WatchKit Actions & Outlets Actions & Outlets App Extension (Interface) (Code) Watch

WatchKit Actions & Outlets Actions & Outlets App Extension (Interface) (Code) Watch

WatchKit Actions & Outlets Actions & Outlets App Extension (Interface) (Code) Watch iPhone Actions Interface elements can trigger some code e.g. button tapped, switch or slider value changed Outlets Access interface elements

739 views • 7 slides
Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome

Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome

Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome OS Chrome Graphics Buffer (Prime FD) Android IPC IPC Chrome IPC Binder System Bridge Bridge (*/init*) Input Events network config, GL,

296 views • 10 slides
A Safe and Stateless Platform - Introduction to Google Chrome OS Security model Google Chrome

A Safe and Stateless Platform - Introduction to Google Chrome OS Security model Google Chrome

A Safe and Stateless Platform - Introduction to Google Chrome OS Security model Google Chrome OS Speed Security - Verified boot Security - Reboot to recover Security for the internet age Current Operating Systems Chrome OS Apps have

424 views • 8 slides
Hex Chrome Exposures from Hex Chrome Exposures from Metal Cladding Work in a Boiler O t b

Hex Chrome Exposures from Hex Chrome Exposures from Metal Cladding Work in a Boiler O t b

Hex Chrome Exposures from Hex Chrome Exposures from Metal Cladding Work in a Boiler O t b October 2012 2012 Luminant Corporate Safety David Friedman, CIH, MSPH, ARM Background Information Situation occurred at a lignite plant in Central

495 views • 25 slides
Actionable Objective Optimization for Suspicious Behavior Detection on Large Bipartite Graphs

Actionable Objective Optimization for Suspicious Behavior Detection on Large Bipartite Graphs

Actionable Objective Optimization for Suspicious Behavior Detection on Large Bipartite Graphs Tong Zhao, Matthew Malir, Meng Jiang DM2 Laboratory Computer Science and Engineering University of Notre Dame Suspicious Behavior on Bipartite Graph

584 views • 40 slides
Fare Actions BART Board of Directors June 13, 2019 Silicon Valley Berryessa Extension Fares

Fare Actions BART Board of Directors June 13, 2019 Silicon Valley Berryessa Extension Fares

Fare Actions BART Board of Directors June 13, 2019 Silicon Valley Berryessa Extension Fares 10-mile Silicon Valley Berryessa Extension adds Milpitas Station and Berryessa/North San Jos Station in Santa Clara County, south of Warm

316 views • 5 slides
CMP244: Extension of the TNUoS tariff notice period National Grid actions Place your chosen

CMP244: Extension of the TNUoS tariff notice period National Grid actions Place your chosen

CMP244: Extension of the TNUoS tariff notice period National Grid actions Place your chosen image here. The four corners must just cover the arrow tips. For covers, the three pictures should be the same size and in a straight line. 4 th

660 views • 49 slides
Chrome OS Internals Josh Triplett josh@joshtriplett.org LinuxCon Europe 2014 Josh Triplett

Chrome OS Internals Josh Triplett josh@joshtriplett.org LinuxCon Europe 2014 Josh Triplett

Chrome OS Internals Josh Triplett josh@joshtriplett.org LinuxCon Europe 2014 Josh Triplett Chrome OS Internals LinuxCon Europe 2014 1 / 43 Overview Intro to Chrome OS Architecture of Chrome OS Verified boot and developer mode Security

1.39k views • 110 slides
Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila & Boris Kpf IMDEA

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila & Boris Kpf IMDEA

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila & Boris Kpf IMDEA Software Institute About me Im Pepe @cgvwzq http://vwzq.net/ Some notes about Chrome Chrome was a blackbox for me. Its code base is immense.

622 views • 38 slides
WarningBird: Detecting Suspicious URLs in Twitter Stream NDSS 2012 Sangho Lee and Jong Kim

WarningBird: Detecting Suspicious URLs in Twitter Stream NDSS 2012 Sangho Lee and Jong Kim

WarningBird: Detecting Suspicious URLs in Twitter Stream NDSS 2012 Sangho Lee and Jong Kim POSTECH, Korea February 8, 2012 Suspicious URLs in Twitter Twitter suffers from malicious tweets. Containing URLs for spam, phishing,

332 views • 21 slides
a C h r o m e b o o k t o o Maksim Lin Freelance Android & Chrome App Developer

a C h r o m e b o o k t o o Maksim Lin Freelance Android & Chrome App Developer

Oh the things you could do if you had a C h r o m e b o o k t o o Maksim Lin Freelance Android & Chrome App Developer www.manichord.com So what are Chromebooks, ChromeOS And Chrome (Packaged) Apps? Chromebooks (and

612 views • 28 slides
Clear Chrome Browsing Data 1. Click on the 3 dots on the Chrome Browser and select Settings 2.

Clear Chrome Browsing Data 1. Click on the 3 dots on the Chrome Browser and select Settings 2.

Clear Chrome Browsing Data 1. Click on the 3 dots on the Chrome Browser and select Settings 2. Scroll down to Privacy and security and click on Clear browsing data 3. Select the time frame, then Clear data Google Meet Grid View Issues If you are

297 views • 10 slides
Kick-off: Software Security Analysis Chair for IT Security / I20 Prof. Dr. Claudia Eckert

Kick-off: Software Security Analysis Chair for IT Security / I20 Prof. Dr. Claudia Eckert

Kick-off: Software Security Analysis Chair for IT Security / I20 Prof. Dr. Claudia Eckert Technical University of Munich Dr. Julian Schtte julian.schuette@aisec.fraunhofer.de 5.2.2020 1 / 46 Outline 1. Organization 2. Time Table 3.

755 views • 46 slides
Case 1:19-cv-08365 Document 1 Filed 09/09/19 Page 1 of 36 UNITED STATES DISTRICT COURT

Case 1:19-cv-08365 Document 1 Filed 09/09/19 Page 1 of 36 UNITED STATES DISTRICT COURT

Case 1:19-cv-08365 Document 1 Filed 09/09/19 Page 1 of 36 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK STATE OF NEW YORK, STATE OF CALIFORNIA, STATE OF CONNECTICUT, STATE OF DELAWARE, DISTRICT OF COLUMBIA, STATE OF MAINE,

487 views • 36 slides
Evolution of Dynamic Feature Usage in PHP Mark Hills 22nd IEEE International Conference on

Evolution of Dynamic Feature Usage in PHP Mark Hills 22nd IEEE International Conference on

Evolution of Dynamic Feature Usage in PHP Mark Hills 22nd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2015), ERA Track March 2-4, 2015 Montreal, Canada http://www.rascal-mpl.org 1 PHP Analysis in

516 views • 24 slides
I N T R O D U C T I O N T O W I N E AUSTRALIAN WINE DISCOVERED Australias unique climate and

I N T R O D U C T I O N T O W I N E AUSTRALIAN WINE DISCOVERED Australias unique climate and

I N T R O D U C T I O N T O W I N E AUSTRALIAN WINE DISCOVERED Australias unique climate and landscape have fostered a fiercely independent wine scene, home to a vibrant community of growers, winemakers, viticulturists, and vignerons.

530 views • 51 slides
AGRICULTURAL POLICY AND LAW: NEW DEVELOPMENTS/ PRESSING ISSUES Donald L. Uchtmann and Robert J.

AGRICULTURAL POLICY AND LAW: NEW DEVELOPMENTS/ PRESSING ISSUES Donald L. Uchtmann and Robert J.

AGRICULTURAL POLICY AND LAW: NEW DEVELOPMENTS/ PRESSING ISSUES Donald L. Uchtmann and Robert J. Hauser Department of Agricultural and Consumer Economics University of Illinois at Urbana-Champaign Executive Summary I. 2002 Farm Bill The

779 views • 74 slides
Lehman Brothers International (Europe) (In Administration) Update to MFA members Update to AIMA

Lehman Brothers International (Europe) (In Administration) Update to MFA members Update to AIMA

Lehman Brothers International (Europe) (In Administration) Update to MFA members Update to AIMA members New York 16 November 2010 London 19 November 2010 This document is subject to the confidentiality agreement signed by the members

591 views • 29 slides
ZAMBIA GEORGE B. SAMPA CHIEF PROSTHETIST /ORTHOTIST Demographics: Prevalence ZAMBIA

ZAMBIA GEORGE B. SAMPA CHIEF PROSTHETIST /ORTHOTIST Demographics: Prevalence ZAMBIA

2015/06/18 Policy and Practice Review: ZAMBIA GEORGE B. SAMPA CHIEF PROSTHETIST /ORTHOTIST Demographics: Prevalence ZAMBIA Prevalence: Numeric value: Comments / Additional Notes: Total population size: 14,638,505 Total Zambian population

1.59k views • 10 slides
Environmentally sustainable SANITARY OPTIONS PREPARED BY Lunette for the Let s start with

Environmentally sustainable SANITARY OPTIONS PREPARED BY Lunette for the Let s start with

Environmentally sustainable SANITARY OPTIONS PREPARED BY Lunette for the Let s start with the problem... Conventional Sanitary pads (being plastic) create a favourable environment for growth of bacteria and fungal infections, so users

217 views • 18 slides

More recommend