
Static Enforcement of Web Application Integrity (William Robertson) - PowerPoint PPT Presentation

  1. Static Enforcement of Web Application Integrity
     William Robertson and Giovanni Vigna, {wkr,vigna}@cs.ucsb.edu
     Computer Security Group, UC Santa Barbara
     13 August 2009
     (UCSB SecLab) Static Web App Integrity Enforcement, 13 August 2009, 1 / 28



  2. Web applications are...
     ◮ easy to develop
     ◮ easy to deploy
     ◮ easy to update
     ◮ accessible from everywhere

  3. ...and broken
     FAA, "Review of Web Applications Security and Intrusion Detection in Air Traffic Control Systems", Report Number FI-2009-049, issued May 4, 2009

  4. A pervasive problem

  5. Cross-site scripting

     Template, with $var substituted verbatim into an attribute value:
       <input type="hidden" name="m" value="$var"/>

     Benign value (x):
       <input type="hidden" name="m" value="x"/>

     Attacker-controlled value closes the attribute and the tag, then injects its own markup:
       <input type="hidden" name="m" value="x"/> <script src="http://evil.com/x.js"> </script> <span id="x"/>

  6. SQL injection

     Template, with $var concatenated into the query string:
       UPDATE users SET passwd='$var' WHERE login='user'

     Benign value (l33r0y):
       UPDATE users SET passwd='l33r0y' WHERE login='user'

     Attacker-controlled value (l33r0y' WHERE login='admin'--) terminates the string literal, supplies its own WHERE clause and comments out the original one:
       UPDATE users SET passwd='l33r0y' WHERE login='admin'--' WHERE login='user'

  7. Existing solutions
     ◮ Web application firewalls
     ◮ Automated static, dynamic analyses
     ◮ Penetration testing and code auditing

  8. Why are web apps vulnerable?
     ◮ Web documents and database queries treated as unstructured character sequences
     ◮ No knowledge of structure and content at the framework level
     ◮ Developers responsible for manually sanitizing content
     ◮ Failure to preserve integrity of document and database query structure

  9. A language-based solution
     ◮ Explicitly denote structure and content within the language using the type system
     ◮ Language is responsible for preserving application integrity
     ◮ Lift burden as much as possible from the developer
     ◮ No testing, separate analyses, policy specifications
     ◮ Web application compiles → application is safe

  10. Framework overview
      ◮ Haskell-based application framework prototype
      ◮ Application implemented as set of functions executing within the App monad stack
      ◮ HTTP requests routed to functions
      ◮ Functions perform computations and return documents

  11. Documents (figure: a Document tree)
      Document → DocHead (TitleNode, LinkNode) and DocBody (DivNode, DivNode); the div nodes hold an AnchorNode and TextNodes

  12. Document nodes

      data Node = TextNode   { nodeText    :: String }
                | AnchorNode { anchorAttrs :: NodeAttrs,
                               anchorHref  :: Maybe Url,
                               ...
                               anchorNodes :: [Node] }
                | DivNode    { divAttrs    :: NodeAttrs,
                               divNodes    :: [Node] }
                ...

  13. Enforcing document integrity
      ◮ Type system restricts applications to constructing Document trees
      ◮ f :: HttpRequest -> App Document
      ◮ Framework is responsible for rendering tree into text

  14. Document rendering (figure: the Document tree of slide 11 on the left, the text produced by the Web Application Framework on the right)

      <html>
        <head>
          <title>...</title>
        </head>
        <body>
          <div>
            <a href="...">...</a>
          </div>
          ...
          <div>
          </div>
        </body>
      </html>

  15. Node sanitization

      class Render a where
          render :: a -> String

      ◮ Nodes implement the Render typeclass
      ◮ render sanitizes data given its context

  16. Database queries

      UPDATE users SET passwd=? WHERE login=?

      ◮ A mechanism already exists to fix query structure: prepared statements
      ◮ App monad controls access to database functions

  17. Enforcing static query integrity (figure: the App monad stack, Application → AppConfig → AppState → AppIO → IO; application code reaches the database only through the functions the monad stack exposes)

  18. Not all queries are static

      The IN list grows with the data, so the number of values is not known when the query is written:
        SELECT * FROM users WHERE login IN ('admin')
        SELECT * FROM users WHERE login IN ('admin', 'devel')
        SELECT * FROM users WHERE login IN ('admin', 'devel', 'test')

  19. Enforcing dynamic query integrity

      Typed query representation, as written on the slide:
        SELECT ["*"] ["users"] IN "login" SET "admin" "devel" "test"
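The Rust program below is an added example, not code from the paper or the UCSB Haskell framework, that carries the idea of slides 16 to 19 through in working code: a query is a typed value, identifiers are validated developer constants, and compiling the value yields a prepared statement whose placeholder count follows the data. The growing IN list of slide 18 and the injection attempt of slide 6 therefore both stay parameters and never reach the SQL text. The type and function names (Value, Ident, Pred, Select, Update, Prepared, compile_select, compile_update) and the two constructed queries are this example's own assumptions.

```rust
// Added example, not the UCSB framework's code: a small typed query AST that
// fixes SQL structure in the type system and compiles to a prepared statement
// whose placeholder count follows the data. All names here are this example's own.

#[derive(Debug, Clone, PartialEq)]
pub enum Value { Str(String), Int(i64) }

/// Identifiers are validated once, at construction; they are never user data.
#[derive(Debug, Clone)]
pub struct Ident(String);

impl Ident {
    pub fn new(s: &str) -> Option<Ident> {
        let mut cs = s.chars();
        let head_ok = matches!(cs.next(), Some(c) if c.is_ascii_alphabetic() || c == '_');
        let tail_ok = cs.all(|c| c.is_ascii_alphanumeric() || c == '_');
        if head_ok && tail_ok { Some(Ident(s.to_string())) } else { None }
    }
}

/// The predicates an application may express; there is no "raw SQL" variant.
#[derive(Debug, Clone)]
pub enum Pred {
    Eq(Ident, Value),
    In(Ident, Vec<Value>),
    And(Box<Pred>, Box<Pred>),
}

pub struct Select { pub columns: Vec<Ident>, pub table: Ident, pub filter: Option<Pred> }
pub struct Update { pub table: Ident, pub set: Vec<(Ident, Value)>, pub filter: Option<Pred> }

/// A prepared statement: SQL text with '?' placeholders plus ordered parameters.
#[derive(Debug, PartialEq)]
pub struct Prepared { pub sql: String, pub params: Vec<Value> }

fn compile_pred(p: &Pred, sql: &mut String, params: &mut Vec<Value>) {
    match p {
        Pred::Eq(c, v) => {
            sql.push_str(&format!("{} = ?", c.0));
            params.push(v.clone());
        }
        Pred::In(c, vs) => {
            // "IN ()" is not valid SQL; an empty list is simply never true.
            if vs.is_empty() { sql.push_str("FALSE"); return; }
            // One placeholder per value: the structure grows, the values stay parameters.
            let holes = vec!["?"; vs.len()].join(", ");
            sql.push_str(&format!("{} IN ({})", c.0, holes));
            params.extend(vs.iter().cloned());
        }
        Pred::And(a, b) => {
            sql.push('(');
            compile_pred(a, sql, params);
            sql.push_str(") AND (");
            compile_pred(b, sql, params);
            sql.push(')');
        }
    }
}

fn compile_where(filter: &Option<Pred>, sql: &mut String, params: &mut Vec<Value>) {
    if let Some(p) = filter {
        sql.push_str(" WHERE ");
        compile_pred(p, sql, params);
    }
}

pub fn compile_select(q: &Select) -> Prepared {
    let cols = if q.columns.is_empty() {
        "*".to_string()
    } else {
        q.columns.iter().map(|c| c.0.as_str()).collect::<Vec<_>>().join(", ")
    };
    let mut sql = format!("SELECT {} FROM {}", cols, q.table.0);
    let mut params = Vec::new();
    compile_where(&q.filter, &mut sql, &mut params);
    Prepared { sql, params }
}

pub fn compile_update(u: &Update) -> Prepared {
    let mut params = Vec::new();
    let sets: Vec<String> = u.set.iter().map(|(c, v)| {
        params.push(v.clone());
        format!("{} = ?", c.0)
    }).collect();
    let mut sql = format!("UPDATE {} SET {}", u.table.0, sets.join(", "));
    compile_where(&u.filter, &mut sql, &mut params);
    Prepared { sql, params }
}

fn main() {
    let s = |v: &str| Value::Str(v.to_string());
    let id = |n: &str| Ident::new(n).expect("identifier is a developer constant");
    // Constructed: slide 18's growing IN list.
    let q = Select { columns: vec![], table: id("users"),
        filter: Some(Pred::In(id("login"), vec![s("admin"), s("devel"), s("test")])) };
    println!("{:?}", compile_select(&q));
    // Constructed: slide 6's injection attempt, now carried as a parameter.
    let u = Update { table: id("users"), set: vec![(id("passwd"), s("l33r0y' WHERE login='admin'--"))],
        filter: Some(Pred::Eq(id("login"), s("user"))) };
    println!("{:?}", compile_update(&u));
}
```

The point of the design is that the only way to obtain SQL text is through compile_select and compile_update, and the only things they interpolate are validated identifiers; everything of type Value is emitted as a `?` and handed to the driver alongside the text, so the attacker string from slide 6 becomes the new password rather than a new WHERE clause.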

  20. Sanitization evaluation
      ◮ Performed control flow analysis of the framework to evaluate coverage of sanitization functions
      ◮ Evaluated correctness of individual sanitization functions

  21. Sanitization function coverage (figure)

  22. Sanitization function correctness
      ◮ Test-driven approach to check correctness
      ◮ Number of invariants manually specified
      ◮ 1,000,000 random test cases generated using QuickCheck
      ◮ Test cases for malicious examples

  23. Sanitization function invariants

      propAttrValueSafe :: AttrValue -> Bool
      propAttrValueSafe input =
          (not $ elem '<' output) &&
          (not $ elem '>' output) &&
          (not $ elem '&' $ stripEntities output) &&
          (not $ elem '"' output)
        where output = render input
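The Rust program below is an added example, not the paper's Haskell framework, that demonstrates in one place what slides 12 to 15 and 22 to 23 describe: a document tree whose only leaves are typed nodes, rendered by a single function that applies the escaping appropriate to each context (text content, double-quoted attribute value, URL), and a QuickCheck-style property, transcribed from propAttrValueSafe, run over generated strings. The names (Node, render, escape_text, escape_attr, Lcg, prop_attr_value_safe, quickcheck_attr_value_safe), the hand-written generator standing in for QuickCheck, and the constructed slide-5 payload are this example's own assumptions.

```rust
// Added example, not the UCSB framework's code: a typed document tree whose
// renderer, not the developer, performs context-specific sanitization, plus a
// QuickCheck-style check of the slide-23 attribute-value invariant.
// Every name here is this example's own.

/// Attributes are (name, value) pairs. Values are data, never markup.
pub type Attrs = Vec<(String, String)>;

/// The only document shapes an application can build; a request parameter can
/// end up as text or as an attribute value, never as a tag.
#[derive(Debug, Clone)]
pub enum Node {
    Text(String),
    Input { attrs: Attrs },
    Anchor { attrs: Attrs, href: Option<String>, children: Vec<Node> },
    Div { attrs: Attrs, children: Vec<Node> },
}

pub fn attr(name: &str, value: &str) -> (String, String) {
    (name.to_string(), value.to_string())
}

/// Text-content context: neutralize the characters that open markup or entities.
pub fn escape_text(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            _ => out.push(c),
        }
    }
    out
}

/// Double-quoted attribute context: additionally neutralize the closing quote.
pub fn escape_attr(s: &str) -> String {
    escape_text(s).replace('"', "&quot;")
}

/// Attribute names are structure, not content, so only a fixed shape is accepted.
fn valid_attr_name(n: &str) -> bool {
    !n.is_empty() && n.chars().all(|c| c.is_ascii_alphanumeric() || c == '-')
}

fn render_attrs(attrs: &Attrs) -> String {
    attrs.iter()
        .filter(|(k, _)| valid_attr_name(k))
        .map(|(k, v)| format!(" {}=\"{}\"", k, escape_attr(v)))
        .collect()
}

/// URL context: an href is emitted only with an allowed scheme (javascript: is dropped).
fn safe_href(url: &str) -> Option<String> {
    let lower = url.trim().to_ascii_lowercase();
    let ok = lower.starts_with("http://") || lower.starts_with("https://") || lower.starts_with('/');
    if ok { Some(escape_attr(url)) } else { None }
}

/// The framework renders the tree; application code never emits HTML strings.
pub fn render(node: &Node) -> String {
    match node {
        Node::Text(t) => escape_text(t),
        Node::Input { attrs } => format!("<input{}/>", render_attrs(attrs)),
        Node::Div { attrs, children } => {
            format!("<div{}>{}</div>", render_attrs(attrs), render_all(children))
        }
        Node::Anchor { attrs, href, children } => {
            let href_attr = href.as_deref().and_then(safe_href)
                .map(|h| format!(" href=\"{}\"", h)).unwrap_or_default();
            format!("<a{}{}>{}</a>", href_attr, render_attrs(attrs), render_all(children))
        }
    }
}

fn render_all(nodes: &[Node]) -> String {
    nodes.iter().map(render).collect()
}

/// The slide-23 invariant: a rendered attribute value contains no '<', '>' or '"',
/// and no '&' other than the ones opening an entity the escaper emitted.
pub fn prop_attr_value_safe(input: &str) -> bool {
    let output = escape_attr(input);
    let stripped = output.replace("&amp;", "").replace("&lt;", "")
        .replace("&gt;", "").replace("&quot;", "");
    !output.contains('<') && !output.contains('>')
        && !output.contains('"') && !stripped.contains('&')
}

/// Deterministic generator standing in for QuickCheck's Arbitrary (no external crates).
pub struct Lcg(pub u64);
impl Lcg {
    fn next(&mut self) -> u64 {
        self.0 = self.0.wrapping_mul(6364136223846793005).wrapping_add(1442695040888963407);
        self.0 >> 33
    }
    /// Alphabet biased toward the characters that matter for HTML escaping.
    fn string(&mut self) -> String {
        const ALPHABET: &[u8] = b"<>&\"'/= abcxyz;";
        let len = (self.next() % 12) as usize;
        (0..len).map(|_| ALPHABET[self.next() as usize % ALPHABET.len()] as char).collect()
    }
}

/// Runs the property on `n` generated inputs; returns the first counterexample, if any.
pub fn quickcheck_attr_value_safe(n: usize, seed: u64) -> Option<String> {
    let mut g = Lcg(seed);
    (0..n).map(|_| g.string()).find(|s| !prop_attr_value_safe(s))
}

fn main() {
    // Constructed payload from slide 5: tries to close the hidden input and inject a script.
    let payload = "x\"/> <script src=\"http://evil.com/x.js\"> </script> <span id=\"x";
    let doc = Node::Input { attrs: vec![attr("type", "hidden"), attr("name", "m"), attr("value", payload)] };
    println!("{}", render(&doc));
    println!("counterexample: {:?}", quickcheck_attr_value_safe(1_000_000, 42));
}
```

Running it shows the slide-5 payload rendered as an inert attribute value and no counterexample after a million generated strings. The property is stronger than "the escaper was called": because render is the only path from Node to text, every attribute value passes through escape_attr whether or not the developer remembered to sanitize, which is what the paper's control-flow coverage analysis on slide 20 checks for the real framework.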

  24. Performance
      ◮ Implemented the same web application using three frameworks: Haskell (this framework), Pylons, Tomcat
      ◮ Evaluated throughput and latency

  25. Latency (figure)

  26. Throughput (figure)
