Protecting Sensitive Data in Web Browsers with ScriptPolice

Event details

Date 03.06.2013
Hour 10:00-11:00
Speaker Prof. Brad Karp, University College London
Location
Category Conferences - Seminars
The web browser has become an attractive target for attackers who wish to obtain users' sensitive data. The browser is rife with untrusted JavaScript: pages execute scripts, and extensions execute with elevated privilege that entitles them to see content from all origins, and to send data to third-party servers. Two principal threat models apply to a user's sensitive data within a browser. A malicious extension author may write extension code that reads sensitive page content and sends it to a remote server he controls. And a malicious page author may exploit an honest but buggy extension, thus leveraging its elevated privilege to disclose sensitive information from other origins.
In this talk, I will demonstrate zero-day vulnerabilities in real-world extensions for a widely used browser that allow maliciously crafted JavaScript in pages to leak a user's sensitive information. I will then describe two classes of policy that protect sensitive data in web browsers by limiting the privilege of JavaScript code. *Containment* policies block the export of sensitive information from an extension, however it was obtained; they protect against both malicious extensions and malicious pages. *Prevention* policies, by contrast, stop a page from misusing an extension's privileges. Both types of policy are effective for a wide range of extensions, and are thus easy to deploy in browsers. Finally, I will present ScriptPolice, a policy system for the Chrome browser's V8 JavaScript interpreter that supports simple containment and prevention policies. We demonstrate that on a variety of extensions and pages, ScriptPolice effectively protects sensitive data in the browser, while typically incurring added latency that is not perceptible to the user.
(Joint work with Petr Marchenko of UCL and Ulfar Erlingsson of Google.)

Practical information

  • General public
  • Free

Organizer

  • SuRI 2013

Contact

  • Simone Muller

Tags

suri2013
