Securing the Web Platform Securing the Web Platform Collin Jackson Stanford University
The Web Platform The Web Platform Dynamic Ubiquitous Dynamic Ubiquitous Interactive Instant updates Interactive Instant updates Pages Web Applications Programs Pages Web Applications Programs
The Web in 1996 The Web in 1996 A security policy is born • A security policy is born • One page, one principal • One page, one principal •
The Web in 2009 The Web in 2009 Many tabs • Many tabs • Many sources of content • Many sources of content • Concurrent sessions • Concurrent sessions •
Meet the Web Attacker Meet the Web Attacker A server with an introduction A server with an introduction
Non ‐ ‐ Assumption Assumption Non "The user is confused" "The user is confused" Blake Ross, Collin Jackson, Nick Miyake, Dan Boneh Boneh, and , and Collin Jackson, Dan Simon, Desney Desney Tan, and Adam Barth. Tan, and Adam Barth. Blake Ross, Collin Jackson, Nick Miyake, Dan Collin Jackson, Dan Simon, John C. Mitchell. Stronger Password Authentication Using John C. Mitchell. Stronger Password Authentication Using An Evaluation of Extended Validation and Picture ‐ An Evaluation of Extended Validation and Picture ‐ in in ‐ ‐ Browser Extensions (USENIX Security 2005) Picture Phishing Attacks (USEC 2007) Browser Extensions (USENIX Security 2005) Picture Phishing Attacks (USEC 2007)
The Web Attacker wants: The Web Attacker wants: Your pixels • Your pixels • Your keystrokes • Your keystrokes • Your messages • Your messages • Your session • Your session • Your browsing history • Your browsing history • Your IP address • Your IP address •
A blacklist approach? A blacklist approach?
Servers are cheap Servers are cheap Domain and hosting: $10 • Domain and hosting: $10 • Domain ‐ ‐ validated HTTPS: $0 validated HTTPS: $0 • Domain • Targeted introductions $1 per 2000 • Targeted introductions $1 per 2000 •
Value of an introduction Value of an introduction
Leveraging the Introduction Leveraging the Introduction Adam Barth, Collin Jackson, and John C. Mitchell. Securing Adam Barth, Collin Jackson, and John C. Mitchell. Securing Browser Frame Communication. (USENIX Security 2008) Browser Frame Communication. (USENIX Security 2008) Your pixels • Your pixels • Helen J. Wang, Xiaofeng Xiaofeng Fan, Jon Howell, and Collin Fan, Jon Howell, and Collin Helen J. Wang, Jackson. Protection and Communication Abstractions for Jackson. Protection and Communication Abstractions for Web Browsers in MashupOS Web Browsers in MashupOS. (SOSP 2007) . (SOSP 2007) Your keystrokes • Your keystrokes • Collin Jackson and Helen J. Wang. Subspace: Secure Cross Collin Jackson and Helen J. Wang. Subspace: Secure Cross ‐ ‐ Domain Communication for Web Mashups Mashups (WWW 2007) (WWW 2007) Domain Communication for Web Your messages • Your messages • Adam Barth, Collin Jackson, and John C. Mitchell. Robust Adam Barth, Collin Jackson, and John C. Mitchell. Robust Your session Defenses for Cross ‐ Defenses for Cross ‐ Site Request Forgery (CCS 2008) Site Request Forgery (CCS 2008) • Your session • Collin Jackson, Andrew Bortz Collin Jackson, Andrew Bortz, Dan , Dan Boneh Boneh, and John C. Mitchell. , and John C. Mitchell. Your browsing history • Your browsing history Protecting Browser State from Web Privacy Attacks (WWW Protecting Browser State from Web Privacy Attacks (WWW • 2006) 2006) Collin Jackson, Adam Barth, Andrew Bortz Bortz, , Weidong Weidong Shao Shao, , Collin Jackson, Adam Barth, Andrew Your IP address • Your IP address and Dan and Dan Boneh Boneh. Protecting Browsers from DNS Rebinding . Protecting Browsers from DNS Rebinding • Attacks (CCS 2007) Attacks (CCS 2007)
Web Attacker vs. Keystrokes Web Attacker vs. Keystrokes awglogin awglogin window.open("https://attacker.com/", " window.open("https://attacker.com /", "awglogin awglogin"); "); window.open("https://attacker.com/", "awglogin"); Adoption: Adoption: 12 12
Web Attacker vs. Messages Web Attacker vs. Messages Could hijack frames and • Could hijack frames and • read their secret messages read their secret messages Proposed a revised • Proposed a revised • protocol protocol Adoption: • Adoption: •
Web Attacker vs. Sessions Web Attacker vs. Sessions
Understanding Referer Referer Privacy Privacy Understanding
Stronger Threat Models Stronger Threat Models Network attacker • Network attacker • Collin Jackson and Adam Barth. ForceHTTPS ForceHTTPS Cookies: A Cookies: A Collin Jackson and Adam Barth. Collin Jackson and Adam Barth. Collin Jackson and Adam Barth. Defense Against Eavesdropping and Pharming Pharming (WWW 2008) (WWW 2008) Beware of Finer ‐ ‐ Grained Origins (W2SP 2008) Grained Origins (W2SP 2008) Defense Against Eavesdropping and Beware of Finer Malware containment • Malware containment • Collin Jackson, Dan Boneh Boneh, and John C. Mitchell. Transaction , and John C. Mitchell. Transaction Collin Jackson, Dan Adam Barth, Collin Jackson, Charles Reis, and the Google Adam Barth, Collin Jackson, Charles Reis, and the Google Generators: Rootkits Generators: Rootkits for the Web ( for the Web (HotSec HotSec 2007) 2007) Chrome Team. The Security Architecture of the Chromium Chrome Team. The Security Architecture of the Chromium Browser (Tech Report) Browser (Tech Report)
The Web in 2019 The Web in 2019 Cheaper introductions • Cheaper introductions • Less confusing authentication • Less confusing authentication • Different problems, same Web Attacker • Different problems, same Web Attacker •
http://www.collinjackson.com www.collinjackson.com/ / http://
Recommend
More recommend
