
Better Security and Privacy for Web Browsers: A Survey of Techniques, and a New Implementation

  • Willem De Groef
  • Dominique Devriese
  • Frank Piessens
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7140)

Abstract

The web browser is one of the most security-critical software components today. It is used to interact with a variety of important applications and services, including social networking services, e-mail services, and e-commerce and e-health applications. But the same browser is also used to visit less trustworthy sites, and it is unreasonable to make it the end-user’s responsibility to “browse safely”. So it is an important design goal for a browser to provide adequate privacy and security guarantees, and to make sure that potentially malicious content from one web site cannot compromise the browser, violate the user’s privacy, or interfere with other web sites that the user interacts with.

Hence, browser security has been a very active topic of research over the past decade, and many proposals have been made for new browser security techniques or architectures. In the first part of this paper, we provide a survey of some important problems and some proposed solutions. We start with a very broad view on browser security problems, and then zoom in on the issues related to the security of JavaScript scripts on the Web. We discuss three important classes of techniques: fine-grained script access control, capability-secure scripting and information flow security for scripts, focusing on techniques with a solid formal foundation.

In the second part of the paper, we describe a novel implementation of one information flow security technique. We discuss how we have implemented the technique of secure multi-execution in the Mozilla Firefox browser, and we report on some preliminary experiments with this implementation.

Keywords

Privacy, security, web browser, information flow security, secure multi-execution

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Willem De Groef (1)
  • Dominique Devriese (1)
  • Frank Piessens (1)
  1. IBBT-Distrinet, Katholieke Universiteit Leuven, Belgium
