DeCore: Detecting Content Repurposing Attacks on Clients’ Systems

  • Smitha Sundareswaran
  • Anna C. Squicciarini
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 50)

Abstract

Web 2.0 platforms are ubiquitously used to share content and personal information, which makes them an inviting and vulnerable target for hackers and phishers alike. In this paper, we discuss an emerging class of attacks, namely content repurposing attacks, which specifically target Web 2.0 sites that host user-uploaded content. This latent threat is poorly addressed, if at all, by current protection systems, both at the remote sites and at the client end. We design and develop an approach that protects against content repurposing attacks at the client end. As we show through a detailed evaluation, our solution promptly detects and stops various types of attacks and adds no overhead to the user's local machine or browser where it resides. Further, our approach is lightweight and does not invasively monitor all of the user's interactions with the browser, providing effective protection against these new and powerful attacks.

Keywords

Content Repurposing; Malware; Web 2.0; Same Origin Policy; Information Flow

Copyright information

© ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering 2010

Authors and Affiliations

  • Smitha Sundareswaran (1)
  • Anna C. Squicciarini (1)
  1. College of Information Sciences and Technology, The Pennsylvania State University, USA