Slide1
A Framework for Fine Grained Origins
Vaibhav Rastogi and Yi Yang
Slide2
Objective
SOP is outdated
Netscape introduced this policy when most content on the Internet was static
Differences amongst different resources lead to vulnerabilities
Design a new framework to capture finer grained origins and sharing
Slide3
Motivation
Web 2.0 – rich applications
An abstraction that solves many problems with one shot
A simple change that provides a solution to many problems
Slide4
Separation
Third party JavaScript
Ads, gadgets, widgets, Facebook Applications
Restrict interaction with the host website
Problem
Essentially that of maintaining different origins
Slide5
Separation
Solution
SOP assigns the same origin
WebSandbox, AdSafe
Complex solutions
Performance problems
More natural solution
Have a different origin
Slide6
Sharing
Current solutions
Either unsafe or complex
document.domain
Used by several websites for cross domain sharing
Unsafe; attacks studied in class
Some websites confirmed to be using document.domain
cnn.com, sina.com.cn, yandex.ru
Slide7
Sharing
document.domain
Wrote a script to find sites which explicitly set document.domain in source
Post Message channel
Achieve arbitrary requirements of security
May be complex to program
Slide8
Coexisting Web Sessions
Opening two Gmail accounts in one browser without hassle
Current solutions are tricky
Slide9
Current sharing mechanisms
Cookies play an important role
Cross domain sharing
E.g. google.com and mail.google.com
Cross site sharing
E.g. cnn.com and twitter.com
Slide10
Advantages
Compared to the current sharing mechanisms, our originID approach:
Less workload
More secure
Fine-grained origins
Consistent principle labeling
Slide11
Resources to be secured
DOM
Cookies
AJAX
Others, like history, display…
Slide12
Related Work
Secure browser designs
Gazelle and OP
Criticize SOP but stick to it
MashupOS
Propose a new origin policy: VOP
sandbox tag provides separation
Does not generalize for collaboration
Origins may not be changed dynamically
Slide13
Related work
On the Incoherencies in Web Browser Access Control Policies
Current SOP mechanisms thoroughly criticized
ConScript
Controlling JavaScript functionality
Solves the separation problem to some extent
Object Views
Finer grained sharing for JavaScript objects
Cookies and other resources still a problem
Slide14
Approach
Two approaches for representing origins
A four tuple <proto, domain, port, originID>
A random string originID = "20-9fkd9kw9j3030d9g0425d", analogous to session cookies
Approaches are lightweight
Slide15
Approach
Resources to be shared are placed in the same origin
Slide16
Approach
Resources to be separated are placed in different origins
Slide17
Approach
If no origins are specified the default is the prevalent Same Origin Policy
Current websites do not break
Slide18
Security Analysis
Approach 1 at least as secure as the SOP
Approach 2: a new attack
Sniff the originID on the wire
Send malicious content with the same originID
The same attack also exists with cookies
Slide19
Security Analysis
Attacks by using legacy origins
Solution: Disallow interaction between pages that specify an origin and pages using legacy SOP
Slide20
Implementation
Allowing Specification of origin in
HTML
<html originid="93681056194027">
HTTP headers
originID: 93681056194027
Disabled document.domain
Slide21
Implementation
WebKit Implementation
Document
HTML Parser
Frame / Frame Loader
Security Origin (DOM/Ajax)
Cookie Origins
HTTP Request/Response handler
Slide22
Implementation
Modified the origin policy itself to work using originIDs (approach 1)
Cookies
Origin specified with a URL (domain + path)
Work ongoing
Slide23
Evaluation
Used test pages to allow collaboration of DOM from different origins
Real pages: cnn.com
Uses document.domain to allow cooperation between different frames
Disabled document.domain
Parts of page missing
Used proxy to add originID headers on the fly
Page loading fine again
Slide24
Future plans
Thoughts about implementation in another browser like Chromium
Completing the implementation
Evaluating each of the applications of the work
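
The origin check described on the Approach and Security Analysis slides, written out as an added example; it is not the authors' WebKit code. It assumes approach 1 is the four-tuple and approach 2 the random string (the order the slides list them), and the function names, matching rules, hosts and second ID are constructed for illustration.

```javascript
// Added example, not the authors' WebKit code. Function names and the exact
// matching rules are assumptions based on the slides.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Build the four-tuple <proto, domain, port, originID> for a page.
// originID is null when the page declares none (a legacy SOP page).
function makeOrigin(url, originID = null) {
  const u = new URL(url);
  const id = originID == null ? "" : String(originID).trim();
  return {
    proto: u.protocol,
    domain: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
    originID: id === "" ? null : id,
  };
}

function sameTriple(a, b) {
  return a.proto === b.proto && a.domain === b.domain && a.port === b.port;
}

// approach 1: all four fields must match.
// approach 2: the random string alone identifies the origin.
function sameOrigin(a, b, approach = 1) {
  const aLegacy = a.originID === null;
  const bLegacy = b.originID === null;
  if (aLegacy && bLegacy) return sameTriple(a, b); // default: plain SOP
  if (aLegacy !== bLegacy) return false; // no mixing with legacy pages
  if (a.originID !== b.originID) return false; // separation
  return approach === 2 ? true : sameTriple(a, b);
}

// Constructed sample pages; hosts and the second ID are made up.
const host = makeOrigin("http://news.example/index.html", "93681056194027");
const widget = makeOrigin("http://news.example/widget.html", "93681056194027");
const ad = makeOrigin("http://news.example/ad.html", "11111111111111");
const legacy = makeOrigin("http://news.example/old.html");
const partner = makeOrigin("http://partner.example/feed", "93681056194027");

function demo() {
  return {
    sharing: sameOrigin(host, widget),
    separation: sameOrigin(host, ad),
    legacyMix: sameOrigin(host, legacy),
    legacyPair: sameOrigin(legacy, makeOrigin("http://news.example:80/x")),
    crossSiteApproach1: sameOrigin(host, partner, 1),
    // True for anyone presenting the ID, so approach 2 depends on its secrecy.
    crossSiteApproach2: sameOrigin(host, partner, 2),
  };
}
```

Under approach 2 the cross-site pair matches on the ID alone, which is why a sniffed originID is enough to join the origin unless the ID is carried over an encrypted channel.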