skip to main content
article

BrowserShield: Vulnerability-driven filtering of dynamic HTML

Published:01 September 2007Publication History
Skip Abstract Section

Abstract

Vulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield [Wang et al. 2004]. In this article, we take Shield's vision to a new domain, inspecting and cleansing not just static content, but also dynamic content. The dynamic content we target is the dynamic HTML in Web pages, which have become a popular vector for attacks. The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at runtime. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at runtime. The rewritten pages contain logic for recursively applying runtime checks to dynamically generated or modified web content, based on known vulnerabilities. We have built and evaluated BrowserShield, a general framework that performs this dynamic instrumentation of embedded scripts, and that admits policies for customized runtime actions like vulnerability-driven filtering. We also explore other applications on top of BrowserShield.

References

  1. Altekar, G., Bagrak, I., Burstein, P., and Schultz, A. 2005. OPUS: Online patches and updates for security. Usenix Security Sumposium. Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Anderson, J. P. 1972. Computer Security Technology Planning Study. Vol. II ESD-TR-73-51, Vol. II, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA.Google ScholarGoogle Scholar
  3. Apache Foundation 2007. The Apache HTTP server project. http://httpd.apache.org.Google ScholarGoogle Scholar
  4. Arbaugh, W. A., Fithen, W. L., and McHugh, J. 2000. Windows of vulnerability: A case study analysis. IEEE Comput. Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Beattie, S., Arnold, S., Cowan, C., Wagle, P., and Wright, C. 2002. Timing the Application of Security Patches for Optimal Uptime. In Large Installation System Administration Conference. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Bochs 2006. Bochs: The Open Source IA-32 emulation project. http://bochs.sourceforge.net/.Google ScholarGoogle Scholar
  7. CERT. 2000. CERT advisory CA-2000-02 malicious HTML tags embedded in client Web requests. http://www.cert.org/advisories/CA-2000-02.html.Google ScholarGoogle Scholar
  8. Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., and Barham, P. 2004. Vigilante: End-to-end containment of Internet worms. In Proceedings of the Symposium on Operating Systems Principles. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Cox, R. S., Hansen, J. G., Gribble, S. D., and Levy, H. M. 2006. A safety-oriented platform for Web applications. In Proceedings of the IEEE Symposium on Security and Privacy. Google ScholarGoogle ScholarDigital LibraryDigital Library
  10. Erlingsson, Ú., Abadi, M., Vrable, M., Budiu, M., and Necula, G. C. 2006. XFI: Software guards for system address spaces. In Proceedings of the Symposium on Operating Systems Design and Implementation. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. Erlingsson, Ú. and Schneider, F. B. 2000a. IRM Enforcement of Java stack inspection. In Proceeding of the IEEE Symposium on Security and Privacy. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Erlingsson, Ú. and Schneider, F. B. 2000b. SASI enforcement of security policies: A retrospective. New Security Paradigms Workshop. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Evans, D. and Twyman, A. 1999. Flexible policy-directed code safety. In Proceedings of the IEEE Symposium on Security and Privacy.Google ScholarGoogle Scholar
  14. Freedman, M. J., Freudenthal, E., and Mazires, D. 2004. Democratizing content publication with Coral. In Proceedings of the Symposiumon Network Systems Design and Implementation. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Friedman, M. 2006. Protected mode in Vista IE7. http://blogs.msdn.com/ie/archive/2006/02/09/528963.aspx.Google ScholarGoogle Scholar
  16. Garfinkel, T. 2003. Traps and pitfalls: Practical problems in system call interposition based security tools. In Proceedings of the Network and Distributed System Security Conference.Google ScholarGoogle Scholar
  17. Garfinkel, T., Pfaff, B., and Rosenblum, M. 2004. Ostia: A delegating architecture for secure system call interposition. In Proceedings of the Network and Distributed System Security Conference.Google ScholarGoogle Scholar
  18. Goldberg, I., Wagner, D., Thomas, R., and Brewer, E. A. 1996. A secure environment for untrusted helper applications. In Usenix Security Symposium. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. Greasemonkey. 2007. Greasemonkey. http://greasemonkey.mozdev.org/.Google ScholarGoogle Scholar
  20. Jim, T., Swamy, N., and Hicks, M. 2007. Defeating script injection attacks with browser-enforced embedded policies. In Proceedings of the World Wide Web Conference. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Jones, M. B. 1993. Interposition agents: Transparently interposing user code at the system interface. In Proceedings of the Symposiums on Operating System Principles. Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Joshi, A., King, S. T., Dunlap, G. W., and Chen, P. M. 2005. Detecting past and present intrusions through vulnerability-specific predicates. In Proceedings of the Symposium on Operating System Principles. Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Kiciman, E. and Wang, H. J. 2007. Live monitoring: Using adaptive intstrumentation and analysis to debug and maintain Web applications. In HotOS XI. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Kim, H.-A. and Karp, B. 2004. Autograph: Toward automated, distributed worm signature detection. Usenix Security Symposium. Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Kiriansky, V., Bruening, D., and Amarasinghe, S. 2002. Secure execution via program shepherding. Usenix Security Symposium. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Lindholm, T. and Yellin, F. 1999. The Java Virtual Machine Specification, 2nd ED. Sun Microsystem. Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Markham, G. 2006. Content restrictions. http://www.gerv.net/security/content-restrictions/.Google ScholarGoogle Scholar
  28. Martin, D. and Schulman, A. 2002. Deanonymizing users of the safeWeb anonymizing service. In USENIX Security Symposium. Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Microsoft. 2004. Microsoft security bulletin MS04-040. http://www.microsoft.com/technet/security/Bulletin/MS04-040.mspx.Google ScholarGoogle Scholar
  30. Microsoft. 2005. Microsoft security bulletin summaries and webcasts. http://www.microsoft. com/technet/security/bulletin/summary.mspx.Google ScholarGoogle Scholar
  31. Microsoft ISA. 2004. Internet security and acceleration server. http://www.microsoft.com/ isaserver/default.mspx.Google ScholarGoogle Scholar
  32. Microsoft SharePoint. 2007. SharePoint. http://www.microsoft.com/sharepoint.Google ScholarGoogle Scholar
  33. Mozilla. 2005. Mozilla Foundation security advisories. http://www.mozilla.org/security/announce.Google ScholarGoogle Scholar
  34. Newsome, J. and Song, D. 2005. Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In Proceedings of the Network and Distributed System Security Conference.Google ScholarGoogle Scholar
  35. PaX. 2007. Homepage of PaX. http://pax.grsecurity.net/.Google ScholarGoogle Scholar
  36. Romer, T., Voelker, G., Lee, D., Wolman, A., Wong, W., Levy, H., and Bershad, B. 1997. Instrumentation and optimization of Win32/Intel executables using Etch. Usenix NT Workshop. Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Romer, T. H., Lee, D., Voelker, G. M., Wolman, A., Wong, W. A., Baer, J.-L., Bershad, B. N., and Levy, H. M. 1996. The structure and performance of interpreters. In ASPLOS. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Saltzer, J. H. and Schroeder, M. D. 1973. The protection of information in computer systems. In Proceedings of the Symposium on Operating Systems Principles. Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. Secure Computing. 2006. Webwasher SSL Scanner. http://www.securecomputing.com/pdf/WW-SSLscan-PO.pdf.Google ScholarGoogle Scholar
  40. Seltzer, L. 2005. Eweek. Anti-virus protection for WMF flaw still inconsistent. http://www. eweek.com/article2/0,1895,1907102,00.asp.Google ScholarGoogle Scholar
  41. Singh, S., Estan, C., Varghese, G., and Savage, S. 2004. Automated worm fingerprinting. In Proceedings of the Symposium on Operating Systems Design and Implementation. Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Sirer, E. G., Grimm, R., Gregory, A. J., and Bershad, B. N. 1999. Design and implementation of a distributed virtual machine for networked computers. In Proceedings of the Symposium on Operating Systems Principles. Google ScholarGoogle ScholarDigital LibraryDigital Library
  43. Snort. 2005. The Open Source Network intrusion detection system. http://www.snort.org/.Google ScholarGoogle Scholar
  44. Ungar, D. and Smith, R. B. 1987. Self: The power of simplicity. In Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications. Google ScholarGoogle ScholarDigital LibraryDigital Library
  45. Useful Utilities. 2007. Ezproxy by useful utilities. http://www.usefulutilities.com.Google ScholarGoogle Scholar
  46. Valgrind. 2007. Valgrind. http://www.valgrind.org/.Google ScholarGoogle Scholar
  47. Virtual Conspiracy. 2005. Windows script decoder. http://www.virtualconspiracy.com.Google ScholarGoogle Scholar
  48. Wahbe, R., Lucco, S., Anderson, T., and Graham, S. 1993. Efficient software-based fault isolation. In Proceedings of the Symposium on Operating Systems Principles. Google ScholarGoogle ScholarDigital LibraryDigital Library
  49. Waldspurger, C. A. 2002. Memory resource management in VMware ESX server. In Proceedings of the Symposium on Operating Systems Design and Implementation. Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. Wang, H. J., Guo, C., Simon, D. R., and Zugenmaier, A. 2004. Shield: Vulnerability-driven network filters for preventing known vulnerability exploits. In Proceedings of the SIGCOMM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., and King, S. 2006. Automated Web patrol with Strider HoneyMonkeys: Finding Web sites that exploit browser vulnerabilities. In Proceedings of the Network and Distributed Systems Security Conference.Google ScholarGoogle Scholar
  52. Yu, D., Chander, A., Islam, N., and Serikov, I. 2007. JavaScript instrumentation for browser security. In Proceedings of the Symposium on Principles of Programming Language. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. BrowserShield: Vulnerability-driven filtering of dynamic HTML

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Published in

        cover image ACM Transactions on the Web
        ACM Transactions on the Web  Volume 1, Issue 3
        September 2007
        145 pages
        ISSN:1559-1131
        EISSN:1559-114X
        DOI:10.1145/1281480
        Issue’s Table of Contents

        Copyright © 2007 ACM

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 1 September 2007
        Published in tweb Volume 1, Issue 3

        Permissions

        Request permissions about this article.

        Request Permissions

        Check for updates

        Qualifiers

        • article

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!