Article

An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism

Authors:
Shuo Chen

Microsoft, Redmond, WA

Microsoft, Redmond, WA
View Profile

,
David Ross

Microsoft, Redmond, WA

Microsoft, Redmond, WA
View Profile

,
Yi-Min Wang

Microsoft, Redmond, WA

Microsoft, Redmond, WA
View Profile

CCS '07: Proceedings of the 14th ACM conference on Computer and communications securityOctober 2007Pages 2–11https://doi.org/10.1145/1315245.1315248

Published:28 October 2007Publication History

CCS '07: Proceedings of the 14th ACM conference on Computer and communications security

Pages 2–11

ABSTRACT

Browsers' isolation mechanisms are critical to users' safety and privacy on the web. Achieving proper isolations, however, is very difficult. Historical data show that even for seemingly simple isolation policies, the current browser implementations are surprisingly error-prone. Isolation bugs have been exploited on most major browser products. This paper presents a focused study of browser isolation bugs and attacks. We found that because of the intrinsic complexity of browser components, it is impractical to exhaustively examine the browser implementation to eliminate these bugs. In this paper, we propose the script accenting mechanism as a light-weight transparent defense to enhance the current domain isolation mechanism. The basic idea is to introduce domain-specific "accents" to scripts and HTML object names so that two frames cannot communicate/interfere if they have different accents. The mechanism has been prototyped on Internet Explorer. Our evaluations showed that all known attacks were defeated, and the proposed mechanism is fully transparent to existing web applications. The measurement about end-to-end browsing time did not show any noticeable slowdown. We also argue that accenting could be a primitive that is general enough for implementing other domain-isolation policies.

References

Firefox Cross-Frame Vulnerabilities. Security Focus Vulnerability Database. Bug IDs: 10877, 11177, 12465, 12884, 13231, 20042. http://www.securityfocus.com/bidGoogle Scholar
Opera Cross-Frame Vulnerabilities. Security Focus Vulnerability Database. Bug IDs: 3553, 4745, 6754, 8887, 10763. http://www.securityfocus.com/bidGoogle Scholar
Netscape Navigator Cross-Frame Vulnerabilities. Security Focus Vulnerability Database. Bug IDs: 11177, 13231. http://www.securityfocus.com/bidGoogle Scholar
A. Clover. CSS visited pages disclosure, 2002. http://seclists.org/lists/bugtraq/2002/Feb/0271.html.Google Scholar
Don Box. Essential COM. ISBN 0-201-63446-5. Addison Wesley.Google Scholar
Richard S. Cox, Jacob G. Hansen, Steven D. Gribble and Henry M. Levy: "A Safety-Oriented Platform for Web Applications," IEEE Symposium on Security and Privacy, 2006 Google ScholarDigital Library
Douglas Crockford. "JSONRequest," http://www.json.org/JSONRequest.htmlGoogle Scholar
E. W. Felten and M. A. Schneider, "Timing attacks on web privacy," in Proc. ACM Conference on Computer and Communications Security, 2000 Google ScholarDigital Library
J. A. Goguen and J. Meseguer, "Security policies and security models," in Proc. 1982 IEEE Symposium on Security and PrivacyGoogle Scholar
Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell. "Protecting Browser State from Web Privacy Attacks," in Proc. the 15th ACM World Wide Web Conference, Edinburgh, Scotland, 2006. Google ScholarDigital Library
Martin Johns. "SessionSafe: Implementing XSS Immune Session Handling," in Proc. the 11th European Symposium on Research in Computer Security, Hamburg, Germany, September, 2006 Google ScholarDigital Library
MSDN Online. http://msdn.microsoft.comGoogle Scholar
The "Javascript:" Protocol. http://www.webreference.com/js/column35/protocol.htmlGoogle Scholar
Benjamin Livshits and Monica S. Lam. "Finding Security Vulnerabilities in Java Applications with Static Analysis," in Proc. Usenix Security Symposium, Baltimore, Maryland, August 2005. Google ScholarDigital Library
Wei Xu, Sandeep Bhatkar and R. Sekar. "Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks," in Proc. the 15th USENIX Security Symposium, Vancouver, BC, Canada, July 2006. Google ScholarDigital Library
The XMLHttpRequest Object. W3C Working Draft 27 September 2006. http://www.w3.org/TR/XMLHttpRequest/Google Scholar
Cross-site scripting. http://en.wikipedia.org/wiki/Cross _site_scriptingGoogle Scholar
Common Language Runtime (CLR). MSDN Online. http://msdn2.microsoft.com/en-us/netframework/aa497266.aspxGoogle Scholar

Index Terms

An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Protection and communication abstractions for web browsers in MashupOS
SOSP '07: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles

Web browsers have evolved from a single-principal platform on which one site is browsed at a time into a multi-principal platform on which data and code from mutually distrusting sites interact programmatically in a single page at the browser. Today's "...
Read More
Protection and communication abstractions for web browsers in MashupOS
SOSP '07

Web browsers have evolved from a single-principal platform on which one site is browsed at a time into a multi-principal platform on which data and code from mutually distrusting sites interact programmatically in a single page at the browser. Today's "...
Read More
Content-based isolation: rethinking isolation policy design on client systems
CCS '13: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Modern client platforms, such as iOS, Android, Windows Phone, and Windows 8, have progressed from a per-user isolation policy, where users are isolated but a user's applications run in the same isolation container, to an application isolation policy, ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CCS '07: Proceedings of the 14th ACM conference on Computer and communications security
October 2007
628 pages
ISBN:9781595937032
DOI:10.1145/1315245
General Chair:
Peng Ning
NC State University, USA
,
Program Chairs:
Sabrina De Capitani di Vimercati
University of Milan, Italy
,
Paul Syverson
Naval Research Laboratory, USA
Copyright © 2007 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 28 October 2007
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
accenting
browser
domain isolation bug
same-origin policy
Qualifiers
- Article
Conference

Acceptance Rates
CCS '07 Paper Acceptance Rate55of302submissions,18%Overall Acceptance Rate1,261of6,999submissions,18%
More
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 23
  Total Citations
  View Citations
- 874
  Total Downloads
- Downloads (Last 12 months)9
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.