Embedding of Security Components in Untrusted Third-Party Websites
نویسندگان
چکیده
Security-sensitive components, such as single sign-on APIs, need to be safely deployed on untrusted webpages. We present several new attacks on security components used in popular web applications that demonstrate how failing to isolate such components leaves them vulnerable to attacks both from the hosting website and other components loaded on the same page. These attacks are not prevented by browser security mechanisms alone, because they are caused by code interacting within the same origin. To mitigate these attacks, we propose to combine finegrained component isolation at the JavaScript level with cryptographic mechanisms. We present Defensive JavaScript (DJS), a subset of the language that guarantees the behavioral integrity of trusted scripts loaded in an untrusted page. We give a sound type system, type inference tool and build defensive libraries for cryptography and data encodings. We show the effectiveness of our solution by implementing several isolation patterns that fix some of our original attacks. We use a translation of a fragment of DJS to to applied pi-calculus to verify concrete security policies of critical components against various classes of web attackers. Key-words: JavaScript, security, cross-site scripting, cross-site request forgery, browser cryptography, single sign-on, encrypted cloud storage Chargement d’interfaces de scurit dans des sites web tiers Résumé : Certaines librairies critiques pour la scurit, par exemple pour l’authentification unique (single sign-on), ncssitent d’tre charges dans des sites tiers non srs. Nous montrons comment le manque d’isolation entre ces librairies et leur page hte les rendent vulnrables aux scripts tiers qui partagent le mme environnement, y compris pour des services trs largements utiliss. Les mcanismes de scurit des navigateurs sont impuissants face ces attaques car elles interviennent en dessous de la granularit des politiques de scurit, fixe par origine (protocole, nom de domaine et numro de port). Afin de mitiger ces attaques, nous proposons de combiner une isolation fine de ces librairies au niveau du langage avec des protections cryptographiques. cette fin, nous introduisons DJS, un fragment de JavaScript qui protge l’intgrit de l’excution d’un script dans un environnement JavaScript hostile. Nous nous appuyons sur un systme de types infrables et sur un ensemble de librairies (elles-mme bien types) pour implmenter des solutions gnriques aux attaques que nous avons dcouvertes. Nous vrifions la validit de ces schmas l’aide d’une traduction d’un sous-ensemble de DJS vers le pi-calcul appliqu contre diffrent types d’attaques. Mots-clés : JavaScript, security, cross-site scripting, cross-site request forgery, browser cryptography, single sign-on, encrypted cloud storage Embedding of Security Components in Untrusted Third-Party Websites 3 1 Defensive Security on
منابع مشابه
Guest Editors’ Introduction: Trusted System-on-Chip with Untrusted Components
h SECURITY OF ELECTRONIC hardware at different stages of its life cycle has emerged as a paramount concern to integrated circuits (ICs) designers, system integrators, as well as to the end users. Over time, hardware components, platforms and supply chains have been considered secure and trustworthy. However, recent discoveries and reports on security vulnerabilities with attacks in microchips a...
متن کاملAutomated Security Testing for Applications Integrating Third-Party Services
Modern applications have become increasingly complex in both function and construction. Commerce websites use inferred user preferences to show relevant merchandise, banking websites implement complex transaction protocols, social networks need to safeguard sensitive user information, and mobile applications incorporate authentication, sharing, and payment mechanisms. Third-party services have ...
متن کاملxBook: Redesigning Privacy Control in Social Networking Platforms
Social networking websites have recently evolved from being service providers to platforms for running third party applications. Users have typically trusted the social networking sites with personal data, and assume that their privacy preferences are correctly enforced. However, they are now being asked to trust each third-party application they use in a similar manner. This has left the users...
متن کاملWeb Authentication using Third-Parties in Untrusted Environments
With the increasing personalization of the Web, many websites allow users to create their own personal accounts. This has resulted in Web users often having many accounts on different websites, to which they need to authenticate in order to gain access. Unfortunately, there are several security problems connected to the use and re-use of passwords, the most prevalent authentication method curre...
متن کاملAnalysis of Hypertext Isolation Techniques for XSS Prevention
Modern websites and web applications commonly integrate third-party and user-generated content to enrich the user’s experience. Developers of these applications are in need of a simple way to limit the capabilities of this less trusted, outsourced web content and thereby protect their users from cross-site scripting attacks. We summarize several recent proposals that enable developers to isolat...
متن کامل