web security browsers
play

Web Security: Browsers CS 161: Computer Security Prof. David Wagner - PowerPoint PPT Presentation

Jan 08, 2024 •1.09k likes •1.51k views

Web Security: Browsers CS 161: Computer Security Prof. David Wagner February 19, 2013 Announcements Midterm 1: in class, next Monday, here Midterm review session: Saturday 2/22, 2-4pm, 100 GPB Project 1 is now out; due Monday 3/3

  1. Web Security: Browsers CS 161: Computer Security Prof. David Wagner February 19, 2013

  2. Announcements • Midterm 1: in class, next Monday, here • Midterm review session: Saturday 2/22, 2-4pm, 100 GPB • Project 1 is now out; due Monday 3/3 • HW1 solutions are posted • No discussion sections next week

  3. Goals For Today • Web security challenges that are specific to web browsers – Quick reminder: web “ driveby ” attacks – Social engineering users: Clickjacking • Server-side solutions cannot fix these problems

  4. Dynamic Web Pages • Rather than static HTML, web pages can be expressed as a program, say written in Javascript : <title>Javascript demo page</title> <font size=30> Threats? Hello, <b> <script> Or what else? Or what else? var a = 1; Java, Flash, var b = 2; Active-X, PDF … document.write("world: ", a+b, "</b>"); </script>

  5. Drive-By Downloads Drive-By download = attack that infects your system just by you visiting a (malicious) web page. Your are now 0wnd!

  13. Defenses Against Driveby Attacks • Sandboxing: rich content (PDF, Flash, …) runs in a constrained environment – Implements Least Privilege • Disable unneeded functionality – Excessive featurism kills! – But not always practical • Patching / autoupdate – Still a race, and can be disruptive • Control exposure to untrusted sites – E.g., Google Safe Browsing : dynamically updated list of malware & phishing sites – Browser warns on any access …

  14. Misleading Users • Browser assumes clicks & keystrokes = clear indication of what the user wants to do – Constitutes part of the user’s trusted path • Attacker can meddle with integrity of this relationship in all sorts of ways …

  16. Stealing Keystrokes (demo)

  17. Misleading Users • Browser assumes clicks & keystrokes = clear indication of what the user wants to do – Constitutes part of the user’s trusted path • Attacker can meddle with integrity of this relationship in all sorts of ways … • Especially, recall the power of Javascript! – Alter page contents (dynamically) – Track events (mouse clicks, motion, keystrokes) – Read/set cookies – Issue web requests, read replies

  18. Using JS to Steal Facebook Likes Claim your FREE iPad • Bait-and-switch • Note: many of these attacks are similar to TOCTTOU (Time of Check to Time of Use) vulnerabilities From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  19. UI Subversion: Clickjacking • An attack application (script) compromises the context integrity of another application’s User Interface when the user acts on the UI Visual integrity Context integrity consists of Target is visible visual integrity + temporal integrity Pointer is visible 1. Target checked 2. Initiate click 3. Target clicked Temporal integrity Target clicked = Target checked Pointer clicked = Pointer checked From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  20. Compromise visual integrity – target • Hiding the target • Partial overlays $0.15 $0.15 Click From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  21. Compromise visual integrity – pointer • Manipulating cursor feedback Claim your FREE iPad From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  22. Clickjacking to Access the User’s Webcam Fake cursor Real cursor From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  23. Some Clickjacking Defenses • Require confirmation for actions (annoys users) • Frame-busting: Web site ensures that its “ vulnerable ” pages can’t be included as a frame inside another browser frame – So user can’t be looking at it with something invisible overlaid on top … – … nor have the site invisible above something else

  24. Attacker implements this attack by placing Twitter’s page in a “ Frame ” inside their own page. Otherwise the two pages wouldn’t overlap.

  25. Some Clickjacking Defenses • Require confirmation for actions (annoys users) • Frame-busting: Web site ensures that its “ vulnerable ” pages can’t be included as a frame inside another browser frame – So user can’t be looking at it with something invisible overlaid on top … – … nor have the site invisible above something else • Conceptually implemented with Javascript like: if ¡(top.location ¡!= ¡self.location) ¡ ¡ ¡ ¡ ¡top.location ¡= ¡self.location; ¡ (Note: actually quite tricky to get this right!) � • Current research considers more general approach … �

  26. InContext Defense (Research) • A set of techniques to ensure context integrity for user actions • Server opt-in approach – Let websites indicate their sensitive UIs – Let browsers enforce context integrity when users act on the sensitive UIs attacker.com attacker.com From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  27. Ensuring visual integrity of pointer • Remove cursor customization – Attack success: 43% -> 16% From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  28. Ensuring visual integrity of pointer • Freeze screen around target on pointer entry – Attack success: 43% -> 15% – Attack success (margin=10px): 12% – Attack success (margin=20px): 4% (baseline:5%) Margin=10px Margin=20px From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  29. Ensuring visual integrity of pointer • Lightbox effect around target on pointer entry – Attack success (Freezing + lightbox): 2% From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  30. Enforcing temporal integrity • UI delay: after visual changes on target or pointer, invalidate clicks for X ms – Attack success (delay=250ms): 47% -> 2% (2/91) – Attack success (delay=500ms): 1% (1/89) From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  31. Enforcing temporal integrity • Pointer re-entry: after visual changes on target, invalidate clicks until pointer re-enters target – Attack success: 0% (0/88) 31 From Clickjacking: Attacks and Defenses , by Lin-Shung Huang et al, Carnegie Mellon University / Microsoft Research

  32. Other Forms of UI Sneakiness • Along with stealing events, attackers can use power of Javascript customization / dynamic changes to mess with the user ’ s mind … � • For example, the user may not be paying sufficient attention ... � – Tabnabbing � • Or they might find themselves living in The Matrix … �

  33. “ Browser in Browser ” Apparent browser is just a fully interactive image generated by Javascript running in real browser!

  34. Lessons • Clickjacking is an injection attack on the human brain • Trusted path is critical to security • The web security model was not designed with trusted path in mind • Changing the web security model is challenging, because of legacy constraints

  35. Discussion • So, how do these lessons apply to desktop applications? • Compare the security model for desktop apps: – Are desktop apps safer against these attacks? – Are desktop apps riskier against these attacks?

  37. Discussion • So, how do these lessons apply to mobile (smartphone/tablet) apps? • Compare the security model for mobile apps: – Are mobile apps safer against these attacks? – Are mobile apps riskier against these attacks?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HTTP SECURITY HEADERS (Protection For Browsers) BIO Emmanuel JK Gbordzor ISO 27001 LI, CISA,

HTTP SECURITY HEADERS (Protection For Browsers) BIO Emmanuel JK Gbordzor ISO 27001 LI, CISA,

HTTP SECURITY HEADERS (Protection For Browsers) BIO Emmanuel JK Gbordzor ISO 27001 LI, CISA, CCNA, CCNA- Security, ITILv3, 11 years in IT About 2 years In Security Information Security Manager @ PaySwitch Head, Network &amp;

726 views • 27 slides
Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr) Digital Publishing Summit May 26, 2019 Automated typesetting and pagination for print Make PDF outputs of HTML contents from browsers Flux

823 views • 67 slides
Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies

Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies Iskander Sanchez-Rola, Igor Santos, Davide Balzarotti Extensions Browser extensions are the most popular technique currently available to extend the

722 views • 38 slides
An Analysis of Private Browsing Modes in Modern Browsers

An Analysis of Private Browsing Modes in Modern Browsers

Stanford Computer Security Lab An Analysis of Private Browsing Modes in Modern Browsers Gaurav Aggarwal, Elie Bursztein, Collin Jackson, Dan Boneh Usenix

653 views • 40 slides
Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable:

Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable:

Browser Security Guarantees through Formal Shim Verification Zachary Tatlock Dongseok Jang Sorin Lerner UC San Diego Browsers: Critical Infrastructure Ubiquitous: many platforms, sensitive apps Vulnerable: Pwn2Own, just a click to

862 views • 73 slides
chromozoom.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre,

chromozoom.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre,

chromozoom.org rethinking the UI of genome browsers Ted Pak Roth Laboratory Donnelly Centre, University of Toronto Samuel Lunenfeld Research Institute, Mt. Sinai Hospital genome browsers: lots of data small viewable area UCSC, GBrowse,

418 views • 24 slides
Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building

Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building

Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building a browser that can provably mitigate timing attacks Trusted Browsers Time and web browsers Mitigating attacks for A trusted browser

1.39k views • 85 slides
02. Web browsers and Web applications Nataliia Bielova

02. Web browsers and Web applications Nataliia Bielova

02. Web browsers and Web applications Nataliia Bielova @nataliabielova September 17 th , 2018 Web Privacy course University of Trento Today s class What is Web

647 views • 36 slides
Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 13 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce supported by almost all transactions browsers, web

570 views • 21 slides
Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL:

Lecture 14 Transport Layer Security/ Secure Socket Layer (TLS/SSL) (Chapter 9 in KPS) SSL: Secure Sockets Layer v widely deployed security v original goals: protocol Web e-commerce transactions supported by almost all browsers,

609 views • 21 slides
Producing media content for the browsers using GPAC Romain Bouqueau (GPAC Licensing) Cyril

Producing media content for the browsers using GPAC Romain Bouqueau (GPAC Licensing) Cyril

Producing media content for the browsers using GPAC Romain Bouqueau (GPAC Licensing) Cyril Concolato (Telecom ParisTech) 1 GPAC - FOSDEM 2015 Web &amp; Media Web Browsers are more and more capable of playing media data Either simply

171 views • 16 slides
Why are Web Browsers Slow on Smartphones? Zhen Wang (Rice) Felix Xiaozhu Lin (Rice) Lin Zhong

Why are Web Browsers Slow on Smartphones? Zhen Wang (Rice) Felix Xiaozhu Lin (Rice) Lin Zhong

Why are Web Browsers Slow on Smartphones? Zhen Wang (Rice) Felix Xiaozhu Lin (Rice) Lin Zhong (Rice) Mansoor Chishtie (TI) WINDOW TO THE CLOUD 2 Mobile browsers are slow 17 sec Nexus One (N1) HTC Dream (G1) 13 sec 12 sec 8 sec Top 10

745 views • 58 slides
The PUNCH Portal to Internet Computing: Run Any Software Anywhere via WWW Browsers Nirav H.

The PUNCH Portal to Internet Computing: Run Any Software Anywhere via WWW Browsers Nirav H.

The PUNCH Portal to Internet Computing: Run Any Software Anywhere via WWW Browsers Nirav H. Kapadia Jos e A. B. Fortes Mark S. Lundstrom School of Electrical and Computer Engineering Purdue University I. Introduction to PUNCH II. System

950 views • 47 slides
Applications and Applets An applet is a program delivered via the web security issues,

Applications and Applets An applet is a program delivered via the web security issues,

Applications and Applets An applet is a program delivered via the web security issues, sandbox model where does code/images/etc come from? How is it delivered? what browsers support the 1.1 AWT event model (what about 1.2)? Use

382 views • 3 slides
Ensuring Resource Trust and Integrity in Web Browsers using Blockchain Technology Benjamin

Ensuring Resource Trust and Integrity in Web Browsers using Blockchain Technology Benjamin

Introduction Conceptual Overview Peer Review Process Conclusion Ensuring Resource Trust and Integrity in Web Browsers using Blockchain Technology Benjamin Leiding 1 Clemens H. Cap 2 1 University of Gttingen, Germany

476 views • 21 slides
How to Run your Favorite Language on Web Browsers The Revenge of Virtual Machines Paris, le 4

How to Run your Favorite Language on Web Browsers The Revenge of Virtual Machines Paris, le 4

Benjamin Canou, Emmanuel Chailloux and Jrme Vouillon . . . How to Run your Favorite Language on Web Browsers The Revenge of Virtual Machines Paris, le 4 octobre 2011 WWW 2012, Lyon, France . Introduction . . Introduction 3/20 What

341 views • 20 slides
High Resolution Rapid Refresh Model Brian Blaylock and Dr. John Horel Department of Atmospheric

High Resolution Rapid Refresh Model Brian Blaylock and Dr. John Horel Department of Atmospheric

Multi- year Analytics of NOAAs High Resolution Rapid Refresh Model Brian Blaylock and Dr. John Horel Department of Atmospheric Sciences University of Utah March 21, 2018 Salt Lake City, Utah 1 Open Science Grid All-hands Meeting What is

424 views • 38 slides
Having Fun with OpenCV Instructor - Simon Lucey 16-423 - Designing Computer Vision Apps ? 2010

Having Fun with OpenCV Instructor - Simon Lucey 16-423 - Designing Computer Vision Apps ? 2010

Having Fun with OpenCV Instructor - Simon Lucey 16-423 - Designing Computer Vision Apps ? 2010 2015 Ideal Von Neumann Processor each cycle, CPU takes data from registers, does an operation, and puts the result back load/store

895 views • 53 slides
San Jos, Costa Rica September 29th, 2016 CIX - Soluo de entroncamento para participantes -

San Jos, Costa Rica September 29th, 2016 CIX - Soluo de entroncamento para participantes -

San Jos, Costa Rica September 29th, 2016 CIX - Soluo de entroncamento para participantes - IX.br Report of the 2016 Olympic Games LACNIC 26 Sep 26-30, 2016 in San Jos, CR IX.br IX.br(PTT.br) Report of the 2016 Olympic

715 views • 42 slides
On the freeze operator in constraint LTL Stphane Demri LSV, ENS de Cachan Joint work with

On the freeze operator in constraint LTL Stphane Demri LSV, ENS de Cachan Joint work with

On the freeze operator in constraint LTL Stphane Demri LSV, ENS de Cachan Joint work with Ranko Lazi c and David Nowak On the freeze operatorin constraint LTL p. 1 Constraint systems Constraint system: D = D, ( R ) I

487 views • 28 slides
Student Presentation: Mobile Technologies Talk: Mobile Technology GROUP to research, master

Student Presentation: Mobile Technologies Talk: Mobile Technology GROUP to research, master

CS 528 Mobile and Ubiquitous Computing Lecture 7a : Ubicomp: Human Activity Recognition (HAR) Emmanuel Agu Student Presentation: Mobile Technologies Talk: Mobile Technology GROUP to research, master and present on any TWO mobile

708 views • 46 slides
Me Meta Lear Learnin ing A Bri Brief Introduct ction Xiachong Feng TG Ph.D. Student

Me Meta Lear Learnin ing A Bri Brief Introduct ction Xiachong Feng TG Ph.D. Student

Me Meta Lear Learnin ing A Bri Brief Introduct ction Xiachong Feng TG Ph.D. Student 2018-12-01 Ou Outline Introduction to Meta Learning Types of Meta-Learning Models Papers: Optimization as a model for few-shot

745 views • 60 slides
SEARCH FOR NEUTRINOLESS DOUBLE BETA DECAY WITH GERDA Luciano Pandola INFN, Laboratori Nazionali

SEARCH FOR NEUTRINOLESS DOUBLE BETA DECAY WITH GERDA Luciano Pandola INFN, Laboratori Nazionali

SEARCH FOR NEUTRINOLESS DOUBLE BETA DECAY WITH GERDA Luciano Pandola INFN, Laboratori Nazionali del Sud IHEP, Beijing, May 17 th , 2017 IHEP, Beijing, 17 May 2017 2 Neutrino-accompained double beta decay (A,Z+ 1) + + + (

807 views • 53 slides
Derivative pricing in fractional SABR model Tai-Ho Wang Conference Honoring Jim Gatherals 60th

Derivative pricing in fractional SABR model Tai-Ho Wang Conference Honoring Jim Gatherals 60th

SABR Bridge representation Small time approximations Heuristic LDP TVO pricing in fSABR Derivative pricing in fractional SABR model Tai-Ho Wang Conference Honoring Jim Gatherals 60th Birthday Courant Institute of Mathematical Sciences

966 views • 51 slides

More recommend