Abstract
Vulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield [Wang et al. 2004]. In this article, we take Shield's vision to a new domain, inspecting and cleansing not just static content, but also dynamic content. The dynamic content we target is the dynamic HTML in Web pages, which have become a popular vector for attacks. The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at runtime. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at runtime. The rewritten pages contain logic for recursively applying runtime checks to dynamically generated or modified web content, based on known vulnerabilities. We have built and evaluated BrowserShield, a general framework that performs this dynamic instrumentation of embedded scripts, and that admits policies for customized runtime actions like vulnerability-driven filtering. We also explore other applications on top of BrowserShield.
- Altekar, G., Bagrak, I., Burstein, P., and Schultz, A. 2005. OPUS: Online patches and updates for security. Usenix Security Sumposium. Google Scholar
Digital Library
- Anderson, J. P. 1972. Computer Security Technology Planning Study. Vol. II ESD-TR-73-51, Vol. II, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA.Google Scholar
- Apache Foundation 2007. The Apache HTTP server project. http://httpd.apache.org.Google Scholar
- Arbaugh, W. A., Fithen, W. L., and McHugh, J. 2000. Windows of vulnerability: A case study analysis. IEEE Comput. Google Scholar
Digital Library
- Beattie, S., Arnold, S., Cowan, C., Wagle, P., and Wright, C. 2002. Timing the Application of Security Patches for Optimal Uptime. In Large Installation System Administration Conference. Google Scholar
Digital Library
- Bochs 2006. Bochs: The Open Source IA-32 emulation project. http://bochs.sourceforge.net/.Google Scholar
- CERT. 2000. CERT advisory CA-2000-02 malicious HTML tags embedded in client Web requests. http://www.cert.org/advisories/CA-2000-02.html.Google Scholar
- Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., and Barham, P. 2004. Vigilante: End-to-end containment of Internet worms. In Proceedings of the Symposium on Operating Systems Principles. Google Scholar
Digital Library
- Cox, R. S., Hansen, J. G., Gribble, S. D., and Levy, H. M. 2006. A safety-oriented platform for Web applications. In Proceedings of the IEEE Symposium on Security and Privacy. Google Scholar
Digital Library
- Erlingsson, Ú., Abadi, M., Vrable, M., Budiu, M., and Necula, G. C. 2006. XFI: Software guards for system address spaces. In Proceedings of the Symposium on Operating Systems Design and Implementation. Google Scholar
Digital Library
- Erlingsson, Ú. and Schneider, F. B. 2000a. IRM Enforcement of Java stack inspection. In Proceeding of the IEEE Symposium on Security and Privacy. Google Scholar
Digital Library
- Erlingsson, Ú. and Schneider, F. B. 2000b. SASI enforcement of security policies: A retrospective. New Security Paradigms Workshop. Google Scholar
Digital Library
- Evans, D. and Twyman, A. 1999. Flexible policy-directed code safety. In Proceedings of the IEEE Symposium on Security and Privacy.Google Scholar
- Freedman, M. J., Freudenthal, E., and Mazires, D. 2004. Democratizing content publication with Coral. In Proceedings of the Symposiumon Network Systems Design and Implementation. Google Scholar
Digital Library
- Friedman, M. 2006. Protected mode in Vista IE7. http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx.Google Scholar
- Garfinkel, T. 2003. Traps and pitfalls: Practical problems in system call interposition based security tools. In Proceedings of the Network and Distributed System Security Conference.Google Scholar
- Garfinkel, T., Pfaff, B., and Rosenblum, M. 2004. Ostia: A delegating architecture for secure system call interposition. In Proceedings of the Network and Distributed System Security Conference.Google Scholar
- Goldberg, I., Wagner, D., Thomas, R., and Brewer, E. A. 1996. A secure environment for untrusted helper applications. In Usenix Security Symposium. Google Scholar
Digital Library
- Greasemonkey. 2007. Greasemonkey. http://greasemonkey.mozdev.org/.Google Scholar
- Jim, T., Swamy, N., and Hicks, M. 2007. Defeating script injection attacks with browser-enforced embedded policies. In Proceedings of the World Wide Web Conference. Google Scholar
Digital Library
- Jones, M. B. 1993. Interposition agents: Transparently interposing user code at the system interface. In Proceedings of the Symposiums on Operating System Principles. Google Scholar
Digital Library
- Joshi, A., King, S. T., Dunlap, G. W., and Chen, P. M. 2005. Detecting past and present intrusions through vulnerability-specific predicates. In Proceedings of the Symposium on Operating System Principles. Google Scholar
Digital Library
- Kiciman, E. and Wang, H. J. 2007. Live monitoring: Using adaptive intstrumentation and analysis to debug and maintain Web applications. In HotOS XI. Google Scholar
Digital Library
- Kim, H.-A. and Karp, B. 2004. Autograph: Toward automated, distributed worm signature detection. Usenix Security Symposium. Google Scholar
Digital Library
- Kiriansky, V., Bruening, D., and Amarasinghe, S. 2002. Secure execution via program shepherding. Usenix Security Symposium. Google Scholar
Digital Library
- Lindholm, T. and Yellin, F. 1999. The Java Virtual Machine Specification, 2nd ED. Sun Microsystem. Google Scholar
Digital Library
- Markham, G. 2006. Content restrictions. http://www.gerv.net/security/content-restrictions/.Google Scholar
- Martin, D. and Schulman, A. 2002. Deanonymizing users of the safeWeb anonymizing service. In USENIX Security Symposium. Google Scholar
Digital Library
- Microsoft. 2004. Microsoft security bulletin MS04-040. http://www.microsoft.com/technet/security/Bulletin/MS04-040.mspx.Google Scholar
- Microsoft. 2005. Microsoft security bulletin summaries and webcasts. http://www.microsoft. com/technet/security/bulletin/summary.mspx.Google Scholar
- Microsoft ISA. 2004. Internet security and acceleration server. http://www.microsoft.com/ isaserver/default.mspx.Google Scholar
- Microsoft SharePoint. 2007. SharePoint. http://www.microsoft.com/sharepoint.Google Scholar
- Mozilla. 2005. Mozilla Foundation security advisories. http://www.mozilla.org/security/announce.Google Scholar
- Newsome, J. and Song, D. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed System Security Conference.Google Scholar
- PaX. 2007. Homepage of PaX. http://pax.grsecurity.net/.Google Scholar
- Romer, T., Voelker, G., Lee, D., Wolman, A., Wong, W., Levy, H., and Bershad, B. 1997. Instrumentation and optimization of Win32/Intel executables using Etch. Usenix NT Workshop. Google Scholar
Digital Library
- Romer, T. H., Lee, D., Voelker, G. M., Wolman, A., Wong, W. A., Baer, J.-L., Bershad, B. N., and Levy, H. M. 1996. The structure and performance of interpreters. In ASPLOS. Google Scholar
Digital Library
- Saltzer, J. H. and Schroeder, M. D. 1973. The protection of information in computer systems. In Proceedings of the Symposium on Operating Systems Principles. Google Scholar
Digital Library
- Secure Computing. 2006. Webwasher SSL Scanner. http://www.securecomputing.com/pdf/WW-SSLscan-PO.pdf.Google Scholar
- Seltzer, L. 2005. Eweek. Anti-virus protection for WMF flaw still inconsistent. http://www. eweek.com/article2/0,1895,1907102,00.asp.Google Scholar
- Singh, S., Estan, C., Varghese, G., and Savage, S. 2004. Automated worm fingerprinting. In Proceedings of the Symposium on Operating Systems Design and Implementation. Google Scholar
Digital Library
- Sirer, E. G., Grimm, R., Gregory, A. J., and Bershad, B. N. 1999. Design and implementation of a distributed virtual machine for networked computers. In Proceedings of the Symposium on Operating Systems Principles. Google Scholar
Digital Library
- Snort. 2005. The Open Source Network intrusion detection system. http://www.snort.org/.Google Scholar
- Ungar, D. and Smith, R. B. 1987. Self: The power of simplicity. In Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications. Google Scholar
Digital Library
- Useful Utilities. 2007. Ezproxy by useful utilities. http://www.usefulutilities.com.Google Scholar
- Valgrind. 2007. Valgrind. http://www.valgrind.org/.Google Scholar
- Virtual Conspiracy. 2005. Windows script decoder. http://www.virtualconspiracy.com.Google Scholar
- Wahbe, R., Lucco, S., Anderson, T., and Graham, S. 1993. Efficient software-based fault isolation. In Proceedings of the Symposium on Operating Systems Principles. Google Scholar
Digital Library
- Waldspurger, C. A. 2002. Memory resource management in VMware ESX server. In Proceedings of the Symposium on Operating Systems Design and Implementation. Google Scholar
Digital Library
- Wang, H. J., Guo, C., Simon, D. R., and Zugenmaier, A. 2004. Shield: Vulnerability-driven network filters for preventing known vulnerability exploits. In Proceedings of the SIGCOMM. Google Scholar
Digital Library
- Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., and King, S. 2006. Automated Web patrol with Strider HoneyMonkeys: Finding Web sites that exploit browser vulnerabilities. In Proceedings of the Network and Distributed Systems Security Conference.Google Scholar
- Yu, D., Chander, A., Islam, N., and Serikov, I. 2007. JavaScript instrumentation for browser security. In Proceedings of the Symposium on Principles of Programming Language. Google Scholar
Digital Library
Index Terms
BrowserShield: Vulnerability-driven filtering of dynamic HTML
Recommendations
BrowserShield: vulnerability-driven filtering of dynamic HTML
OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementationVulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield [43]. In this paper, we take Shield's vision to a new domain, inspecting and cleansing not just ...
BrowserShield: vulnerability-driven filtering of dynamic HTML
OSDI '06: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7Vulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield. In this paper, we take Shield's vision to a new domain, inspecting and cleansing not just ...
A comparative Study of the Safety between Internet Explorer and Firefox
ISISE '12: Proceedings of the 2012 Fourth International Symposium on Information Science and EngineeringInternet Explorer (IE) and Firefox (FX) are two major web browsers today. The safety level of IE and FX is consequently a great concern. In this work, we tried to find out and explain the statistic trend of the vulnerabilities of IE and FX and analyzed ...






Comments