Affiliation:
1. University of Washington, Seattle, WA
2. Microsoft, Redmond, WA
3. Technion
Abstract
Vulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield [Wang et al. 2004]. In this article, we take Shield's vision to a new domain, inspecting and cleansing not just static content, but also dynamic content. The dynamic content we target is the dynamic HTML in Web pages, which have become a popular vector for attacks. The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at runtime. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at runtime. The rewritten pages contain logic for recursively applying runtime checks to dynamically generated or modified web content, based on known vulnerabilities. We have built and evaluated
BrowserShield
, a general framework that performs this dynamic instrumentation of embedded scripts, and that admits policies for customized runtime actions like vulnerability-driven filtering. We also explore other applications on top of BrowserShield.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications
Reference52 articles.
1. Anderson J. P. 1972. Computer Security Technology Planning Study. Vol. II ESD-TR-73-51 Vol. II Electronic Systems Division Air Force Systems Command Hanscom Field Bedford MA. Anderson J. P. 1972. Computer Security Technology Planning Study. Vol. II ESD-TR-73-51 Vol. II Electronic Systems Division Air Force Systems Command Hanscom Field Bedford MA.
2. Apache Foundation 2007. The Apache HTTP server project. http://httpd.apache.org. Apache Foundation 2007. The Apache HTTP server project. http://httpd.apache.org.
3. Arbaugh W. A. Fithen W. L. and McHugh J. 2000. Windows of vulnerability: A case study analysis. IEEE Comput. 10.1109/2.889093 Arbaugh W. A. Fithen W. L. and McHugh J. 2000. Windows of vulnerability: A case study analysis. IEEE Comput. 10.1109/2.889093
Cited by
60 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. JITBULL: Securing JavaScript Runtime with a Go/No-Go Policy for JIT Engine;2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN);2024-06-24
2. Fine-Grained Data-Centric Content Protection Policy for Web Applications;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15
3. JSISOLATE: lightweight in-browser JavaScript isolation;Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering;2021-08-18
4. Taylor–HHO algorithm: A hybrid optimization algorithm with deep long short‐term for malicious JavaScript detection;International Journal of Intelligent Systems;2021-08-09
5. A User-Oriented Approach and Tool for Security and Privacy Protection on the Web;SN Computer Science;2020-06-30