Abstract
Providing security guarantees for systems built out of untrusted components requires the ability to define and enforce access control policies over untrusted code. In Web 2.0 applications, JavaScript code from different origins is often combined on a single page, leading to well-known vulnerabilities. We present a security infrastructure that allows users and content providers to specify access control policies over subsets of a JavaScript program by leveraging the concept of delimited histories with revocation. We implement our proposal in WebKit and evaluate it with three policies on 50 widely used websites, with no changes to their JavaScript code, and report performance overheads and violations.
Flexible access control for javascript
OOPSLA '13: Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications