Skip to main content
SpringerLink
Log in

You Can’t Be Me: Enabling Trusted Paths and User Sub-origins in Web Browsers

  • Conference paper
Research in Attacks, Intrusions and Defenses (RAID 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8688))

Included in the following conference series:

Abstract

Once a web application authenticates a user, it loosely associates all resources owned by the user to the web session established. Consequently, any scripts injected into the victim web session attain unfettered access to user-owned resources, including scripts that commit malicious activities inside a web application. In this paper, we establish the first explicit notion of user sub-origins to defeat such attempts. Based on this notion, we propose a new solution called UserPath to establish an end-to-end trusted path between web application users and web servers. To evaluate our solution, we implement a prototype in Chromium, and retrofit it to 20 popular web applications. UserPath reduces the size of client-side TCB that has access to user-owned resources by 8x to 264x, with small developer effort.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. W3C: Content security policy 1.0, http://www.w3.org/TR/CSP/

  2. Johns, M.: Preparedjs: Secure script-templates for javascript. In: Detection of Intrusions and Malware & Vulnerability Assessment (2013)

    Google Scholar 

  3. Chen, P., Nikiforakis, N., Huygens, C., Desmet, L.: A dangerous mix: Large-scale analysis of mixed-content websites. In: Information Security Conference (2013)

    Google Scholar 

  4. Trend Micro: New york times pushes fake av malvertisement, http://goo.gl/BtjgPc

  5. Verizon: 2013 Data breach investigation report, http://www.verizonenterprise.com/DBIR/2013/

  6. Enigma Group: Facebook profiles can be hijacked by chrome extensions malware, http://underurhat.com/hacking

  7. Liu, L., Zhang, X., Yan, G., Chen, S.: Chrome extensions: Threat analysis and countermeasures. In: Network and Distributed System Security Symposium (2012)

    Google Scholar 

  8. Akhawe, D., Li, F., He, W., Saxena, P., Song, D.: Data-confined html5 applications. In: European Symposium on Research in Computer Security (2013)

    Google Scholar 

  9. Dong, X., Chen, Z., Siadati, H., Tople, S., Saxena, P., Liang, Z.: Protecting sensitive web content from client-side vulnerabilities with cryptons. In: Proceedings of the 20th ACM Conference on Computer and Communications Security (2013)

    Google Scholar 

  10. Parno, B., McCune, J.M., Wendlandt, D., Andersen, D.G., Perrig, A.: Clamp: Practical prevention of large-scale data leaks. In: IEEE Symposium on Security and Privacy (2009)

    Google Scholar 

  11. Felt, A.P., Finifter, M., Weinberger, J., Wagner, D.: Diesel: Applying privilege separation to database access. In: ACM Symposium on Information, Computer and Communications Security (2011)

    Google Scholar 

  12. Chen, E.Y., Gorbaty, S., Singhal, A., Jackson, C.: Self-exfiltration: The dangers of browser-enforced information flow control. In: Web 2.0 Security and Privacy (2012)

    Google Scholar 

  13. Dong, X., Patil, K., Mao, J., Liang, Z.: A comprehensive client-side behavior model for diagnosing attacks in ajax applications. In: ICECCS (2013)

    Google Scholar 

  14. Projects, T.C.: Per-page suborigins, http://goo.gl/PoH5pY

  15. Roesner, F., Kohno, T., Moshchuk, A., Parno, B., Wang, H.J., Cowan, C.: User-driven access control: Rethinking permission granting in modern operating systems. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy (2012)

    Google Scholar 

  16. Roesner, F., Fogarty, J., Kohno, T.: User interface toolkit mechanisms for securing interface elements. In: User Interface Software and Technology (2012)

    Google Scholar 

  17. Dong, X., Hu, H., Saxena, P., Liang, Z.: A quantitative evaluation of privilege separation in web browser designs. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 75–93. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  18. Akhawe, D., Saxena, P., Song, D.: Privilege separation in html5 applications. In: USENIX Security (2012)

    Google Scholar 

  19. mOiwa, Y., Takagi, H., Watanabe, H., Suzuki, H.: Pake-based mutual http authentication for preventing phishing attacks. In: World Wide Web Conference (2009)

    Google Scholar 

  20. Budianto, E., Jia, Y.: Summary of source code modification, chromium patches, and userpath technical report, https://github.com/ebudianto/UserPath

  21. Budianto, E., Jia, Y.: Url for demo video, https://github.com/ebudianto/UserPath/wiki/DEMO-Video-URLs

  22. Dietz, M., Czeskis, A., Balfanz, D., Wallach, D.S.: Origin-bound certificates: A fresh approach to strong client authentication for the web. In: USENIX Security (2012)

    Google Scholar 

  23. Jackson, C., Simon, D.R., Tan, D.S., Barth, A.: An evaluation of extended validation and picture-in-picture phishing attacks. In: Proceedings of 1st USEC (2007)

    Google Scholar 

  24. Cao, Y., Yegneswaran, V., Porras, P., Chen, Y.: Pathcutter: Severing the self-propagation path of xss javascript worms in social web networks. In: Network and Distributed System Security Symposium (2012)

    Google Scholar 

  25. Hansen, R., Grossman, J.: Clickjacking, http://goo.gl/p7dxIC

  26. YGN Ethical Hacker Group: Elgg 1.7.9 xss vulnerability, http://goo.gl/XUeqis

  27. Cve-2012-6561, C.V.E.: xss vulnerability in elgg, http://goo.gl/mmW8bM

  28. Barth, A., Jackson, C., Mitchell, J.C.: Robust defenses for cross-site request forgery. In: Conference on Computer and Communications Security (2008)

    Google Scholar 

  29. Wu, M., Miller, R.C., Little, G.: Web wallet: Preventing phishing attacks by revealing user intentions. In: Symposium on Usable Privacy and Security (2006)

    Google Scholar 

  30. Bhargavan, K., Delignat-Lavaud, A., Maffeis, S.: Language-based defenses against untrusted browser origins. In: USENIX Security (2013)

    Google Scholar 

  31. Maffeis, S., Mitchell, J.C., Taly, A.: Object capabilities and isolation of untrusted web application. In: IEEE Symposium on Security and Privacy (2010)

    Google Scholar 

  32. Huang, L.S., Moshchuk, A., Wang, H.J., Schechter, S., Jackson, C.: Clickjacking: attacks and defenses. In: USENIX Security (2012)

    Google Scholar 

  33. Zhou, Y., Evans, D.: Protecting private web content from embedded scripts. In: European Symposium on Research in Computer Security (2011)

    Google Scholar 

  34. Dong, X., Tran, M., Liang, Z., Jiang, X.: Adsentry: comprehensive and flexible confinement of javascript-based advertisements. In: ACSAC (2011)

    Google Scholar 

  35. Akhawe, D., Barth, A., Lam, P.E., Mitchell, J., Song, D.: Towards a formal foundation of web security. In: Computer Security Foundations (2010)

    Google Scholar 

  36. Barth, A., Felt, A.P., Saxena, P., Boodman, A.: Protecting browsers from extension vulnerabilities. In: Network and Distributed System Security Symposium (2010)

    Google Scholar 

  37. Bisht, P., Hinrichs, T., Skrupsky, N., Bobrowicz, R., Venkatakrishnan, V.N.: Notamper: automatic blackbox detection of parameter tampering opportunities in web applications. In: Conference on Computer and Communications Security (2010)

    Google Scholar 

  38. Wu, T.: The secure remote password protocol. In: Network and Distributed System Security Symposium (1998)

    Google Scholar 

  39. The Spanner: Dom clobbering, http://goo.gl/ZOLmal

  40. pAdida, B., Barth, A., Jackson, C.: Rootkits for javascript environments. In: WOOT (2009)

    Google Scholar 

  41. Ye, Z.E., Smith, S.: Trusted paths for browsers. In: USENIX Security (2002)

    Google Scholar 

  42. Libonati, A., McCune, J.M., Reiter, M.K.: Usability testing a malware-resistant input mechanism. In: Network and Distributed System Security Symposium (2011)

    Google Scholar 

  43. Engler, J., Karlof, C., Shi, E., Song, D.: Is it too late for pake? In: Proceedings of Web 2.0 Security and Privacy (2009)

    Google Scholar 

  44. Slack, Q.: Tls-srp in apache mod_ssl, http://goo.gl/cHMoau

  45. Provos, N., Friedl, M., Honeyman, P.: Preventing privilege escalation. In: USENIX Security (2003)

    Google Scholar 

  46. Brumley, D., Song, D.: Privtrans: automatically partitioning programs for privilege separation. In: USENIX Security (2004)

    Google Scholar 

  47. Grier, C., Tang, S., King, S.: Designing and implementing the op and op2 web browsers. ACM Transactions on the Web (2011)

    Google Scholar 

  48. Wang, H.J., Grier, C., Moshchuk, A., King, S.T., Choudhury, P., Venter, H.: The multi-principal os construction of the gazelle web browser. In: USENIX Security (2009)

    Google Scholar 

  49. Barth, A., Jackson, C., Reis, C., Team, T.G.C.: The security architecture of the chromium browser, http://goo.gl/BGjJqC

  50. Papagiannis, I., Pietzuch, P.: Cloudfilter: practical control of sensitive data propagation to the cloud. In: Cloud Computing Security Workshop (2012)

    Google Scholar 

  51. Tong, T., Evans, D.: Guardroid: A trusted path for password entry. In: MoST (2013)

    Google Scholar 

  52. McCune, J.M., Perrig, A., Reiter, M.K.: Safe passage for passwords and other sensitive data. In: Network and Distributed System Security Symposium (2009)

    Google Scholar 

  53. Zhou, Z., Gligor, V.D., Newsome, J., McCune, J.M.: Building verifiable trusted path on commodity x86 computers. In: IEEE Symposium on Security and Privacy (2012)

    Google Scholar 

  54. Ter Louw, M., Venkatakrishnan, V.N.: Blueprint: Robust prevention of cross-site scripting attacks for existing browsers. In: IEEE Symposium on Security and Privacy (2009)

    Google Scholar 

  55. Nadji, Y., Saxena, P., Song, D.: Document structure integrity: A robust basis for cross-site scripting defense. In: Network and Distributed System Security Symposium (2009)

    Google Scholar 

  56. Gundy, M.V., Chen, H.: Noncespaces: Using randomization to enforce information flow tracking and thwart cross-site scripting attacks. In: Network and Distributed System Security Symposium (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. National University of Singapore, Singapore

    Enrico Budianto, Yaoqi Jia, Prateek Saxena & Zhenkai Liang

  2. Advanced Digital Sciences Center, Singapore

    Xinshu Dong

Authors
  1. Enrico Budianto
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yaoqi Jia
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xinshu Dong
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Prateek Saxena
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Zhenkai Liang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. George Mason University, Fairfax, VA, USA

    Angelos Stavrou

  2. VU University Amsterdam, The Netherlands

    Herbert Bos

  3. Stevens Institute of Technology, NJ, USA

    Georgios Portokalidis

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Budianto, E., Jia, Y., Dong, X., Saxena, P., Liang, Z. (2014). You Can’t Be Me: Enabling Trusted Paths and User Sub-origins in Web Browsers. In: Stavrou, A., Bos, H., Portokalidis, G. (eds) Research in Attacks, Intrusions and Defenses. RAID 2014. Lecture Notes in Computer Science, vol 8688. Springer, Cham. https://doi.org/10.1007/978-3-319-11379-1_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11379-1_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11378-4

  • Online ISBN: 978-3-319-11379-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation