Stanford CS 155 - Basic web security model


Contents (slide titles):
Basic web security model
Vulnerability Stats: web is "winning"
Web security: two sides
Credits
Outline
Web Refresher
HTTP protocol
URLs
HTTP Request
HTTP Response
Security User Interface
Safe to type your password?
Slide 13
Slide 14
Slide 15
Slide 16
Slide 17
Same-Origin Policy
Slide 19
Policy Goals
Components of browser security policy
Popup windows
Windows Interact
Are all interactions good?
Frames
Frames and iFrames
Mashups: lots of frames (gadgets)
Need for isolation - mashups
Window Policy Anomaly
A Guninski Attack
What should the policy be?
Slide 32
Slide 33
Library import
Pages can embed content from many sources (example)
Cross-origin Interaction
Mashups
Need for isolation: embedded content
Recent Developments
window.postMessage
postMessage syntax
Why include "targetOrigin"?
Data export
Same Origin Requests with XMLHttpRequest
Sending a Cross-Domain GET
Sending a Cross-Domain POST
Cookie Security
Slide 48
Same origin policy: "high level"
Setting/deleting cookies by server
Scope setting rules (write SOP)
Cookies are identified by (name,domain,path)
Reading cookies on server (read SOP)
Examples
Client side read/write: document.cookie
Slide 56
Viewing/deleting cookies in Browser UI
Cookie protocol problems
Interaction with the DOM SOP
HttpOnly Cookies IE6 SP1, FF2.0.0.5
Browser security design
Slide 62
Approach
Slide 64
PREVENTING THE INTRODUCTION
Drive-by downloads
World of Warcraft keylogger
Scaling it up to the entire web
Now do it in the browser
Helping the webmaster out
Introductions are easy
Vulnerability Response
Closing the vulnerability window
Obstacles to patch deployment
Getting better, but not fast enough
Failure Containment
Severity
Protected Mode IE
IE7 Containment Goals
Containment Goals
Chromium Security Architecture
Preventing File Theft
Task Allocation
Is the "kernel" too complex?
Another approach: Cookie Blocking
Conclusion

Basic web security model
Elie Bursztein, CS155

Vulnerability Stats: web is "winning"
- Source: MITRE CVE trends
- Majority of vulnerabilities now found in web software

Web security: two sides
- Web browser (client side)
  - Attacks target browser security weaknesses
  - Result in: malware installation (keyloggers, bot-nets), document theft from the corporate network, loss of private data
- Web application code (server side)
  - Runs at the web site: banks, e-merchants, blogs
  - Written in PHP, ASP, JSP, Ruby, ...
  - Many potential bugs: XSS, XSRF, SQL injection
  - Attacks lead to stolen CC#, defaced sites

Credits
Adam Barth, Collin Jackson, John Mitchell, Dan Boneh and the entire websec team
http://crypto.stanford.edu/websec

Outline
- Web Refresher
- Security User Interface
  - Goals of a browser
  - When is it safe to type my password?
- Same-Origin Policy
  - How sites are isolated
  - Opting out of isolation
  - Frame hijacking
  - Navigation policy
- Cookie security
- Browser security design

Web Refresher

HTTP protocol
HTTP is widely used:
- Simple
- Stateless
- Unencrypted

URLs
- Global identifiers of network-retrievable documents
- Example: http://stanford.edu:81/class?name=cs155#homework
  Protocol: http; Hostname: stanford.edu; Port: 81; Path: /class; Query: name=cs155; Fragment: homework
- Special characters are encoded as hex:
  %0A = newline
  %20 or + = space
  %2B = + (special exception)

HTTP Request
    GET /index.html HTTP/1.1
    Accept: image/gif, image/x-bitmap, image/jpeg, */*
    Accept-Language: en
    Connection: Keep-Alive
    User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)
    Host: www.example.com
    Referer: http://www.google.com?q=dingbats
- First line: Method, File, HTTP version
- Headers
- Blank line
- Data (none for GET)
- GET: no side effect. POST: possible side effect.

HTTP Response
    HTTP/1.0 200 OK
    Date: Sun, 21 Apr 1996 02:20:42 GMT
    Server: Microsoft-Internet-Information-Server/5.0
    Connection: keep-alive
    Content-Type: text/html
    Last-Modified: Thu, 18 Apr 1996 17:39:05 GMT
    Set-Cookie: ...
    Content-Length: 2543

    <HTML> Some data... blah, blah, blah </HTML>
- First line: HTTP version, Status code, Reason phrase
- Headers (including cookies)
- Data

Security User Interface
When is it safe to type my password?

Safe to type your password?
(screenshot slides)

Same-Origin Policy
How does the browser isolate different sites?

Policy Goals
- Safe to visit an evil web site
- Safe to visit two pages at the same time (the address bar distinguishes them)
- Allow safe delegation

Components of browser security policy
- Frame to Frame relationships
  - canScript(A,B): Can Frame A execute a script that reads or writes DOM elements of Frame B?
  - canNavigate(A,B): Can Frame A change the origin of content for Frame B?
- Frame to cookie relationships
  - readCookie(A,S), writeCookie(A,S): Can Frame A read/write cookies from origin S?
- SecurityIndicator(W) [SSL lock icon]: Is the security indicator displayed for window W?

Popup windows
- With hyperlinks:
    <a href="http://www.b.com" target="foo">click here</a>
- With JavaScript:
    mywin = window.open("http://www.b.com", "foo", "width=10,height=10")
- Navigating a named window re-uses the existing one
- Can access properties of the remote window:
    mywin.document.body
    mywin.location = "http://www.c.com";

Windows Interact

Are all interactions good?

Frames
- Modularity: brings together content from multiple sources
- Client-side aggregation
- Delegation: a frame can draw only on its own rectangle
- Example frames:
  src = 7.gmodules.com/..., name = remote_iframe_7
  src = google.com/..., name = awglogin

Frames and iFrames
- The address bar says nothing about the origin of embedded content: frames (ads), scripts, flash objects, CSS
- Example (the awglogin frame):
    <iframe name=awglogin src="https://www.google.com/accounts/ServiceLoginBox" style="width:19em; height:16.4em">

Mashups: lots of frames (gadgets)
(screenshot slide)

Need for isolation - mashups
- A malicious gadget should not affect other gadgets

Window Policy Anomaly
    top.frames[1].location = "http://www.attacker.com/...";
    top.frames[2].location = "http://www.attacker.com/...";
    ...

A Guninski Attack
- Against the awglogin frame:
    window.open("https://attacker.com/", "awglogin");

What should the policy be?
    Child | Sibling | Descendant | Frame Bust
    Browser | Policy
    IE 6 (default) | Permissive
    IE 6 (option) |
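The "URLs" slide names the parts of a URL and the percent-encoding rules. The following is an added example (not from the CS155 slides) that splits the slide's example URL into those parts with Node.js's built-in URL and URLSearchParams classes, and shows the query-versus-path difference the "+"/"%2B" exception creates. The `defaultPort` helper and the sample query strings are assumptions for the demo.

```javascript
// Added example (not from the CS155 slides): split a URL into the components
// the "URLs" slide labels and apply its percent-encoding rules. Runs under
// Node.js, which provides the WHATWG URL and URLSearchParams classes.

const SLIDE_URL = "http://stanford.edu:81/class?name=cs155#homework"; // the slide's example

function defaultPort(protocol) {
  // Only the two schemes the lecture deals with; anything else gets no default.
  return { "http:": "80", "https:": "443" }[protocol] || "";
}

function parseUrl(raw) {
  const u = new URL(raw);
  return {
    protocol: u.protocol.replace(/:$/, ""), // "http"
    hostname: u.hostname,                    // "stanford.edu"
    port: u.port || defaultPort(u.protocol), // "81"; scheme default when omitted
    path: u.pathname,                        // "/class"
    query: u.search.replace(/^\?/, ""),      // "name=cs155"
    fragment: u.hash.replace(/^#/, ""),      // "homework"; stays in the browser, never sent
    origin: u.origin,                        // "http://stanford.edu:81" = (scheme, host, port)
  };
}

// Query-string decoding: "+" means space and "%2B" means a literal "+" (the
// slide's "special exception"); "%0A" and "%20" decode to newline and space.
function decodeQuery(query) {
  const out = {};
  for (const [key, value] of new URLSearchParams(query)) out[key] = value;
  return out;
}

// Path decoding: percent-escapes are decoded but "+" is an ordinary character,
// so the same bytes mean different things in the path and in the query.
function decodePath(path) {
  return decodeURIComponent(path);
}

console.log(parseUrl(SLIDE_URL));
console.log(decodeQuery("name=cs+155%2B%0Ax%20y")); // constructed query string
console.log(decodePath("/a+b%20c"));                 // constructed path
```

The `origin` field is the triple the same-origin policy later in the deck keys on: two URLs with different paths, queries or fragments still share an origin, while a different scheme or port does not.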
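The "HTTP Request" and "HTTP Response" slides show the wire layout: a start line, header lines, a blank line, then data. The following is an added example (not from the CS155 slides) of a small parser for that layout, run over two messages constructed from the slide examples. The cookie values, the short body and its Content-Length are made up for the demo; the parser refuses a body that does not match the declared length, which is the check a client needs before trusting a response as complete.

```javascript
// Added example (not from the CS155 slides): parse the HTTP request and
// response layouts shown on the slides (start line, headers, blank line, data).
// Both sample messages are constructed from the slide examples; cookie values,
// body and Content-Length are made up for the demo. Runs under Node.js.

const SAMPLE_REQUEST =
  "GET /index.html HTTP/1.1\r\n" +
  "Accept: image/gif, image/x-bitmap, image/jpeg, */*\r\n" +
  "Accept-Language: en\r\n" +
  "Connection: Keep-Alive\r\n" +
  "User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)\r\n" +
  "Host: www.example.com\r\n" +
  "Referer: http://www.google.com?q=dingbats\r\n" +
  "\r\n";                                        // blank line; a GET carries no data

const SAMPLE_RESPONSE =
  "HTTP/1.0 200 OK\r\n" +
  "Date: Sun, 21 Apr 1996 02:20:42 GMT\r\n" +
  "Server: Microsoft-Internet-Information-Server/5.0\r\n" +
  "Connection: keep-alive\r\n" +
  "Content-Type: text/html\r\n" +
  "Last-Modified: Thu, 18 Apr 1996 17:39:05 GMT\r\n" +
  "Set-Cookie: sessionid=abc123; Path=/\r\n" +     // constructed cookie
  "Set-Cookie: lang=en\r\n" +                       // a second one: the header may repeat
  "Content-Length: 27\r\n" +
  "\r\n" +
  "<HTML> Some data... </HTML>";                    // exactly 27 bytes

// Common shape of both message types: start line, header lines, blank line, body.
function parseHttpMessage(text) {
  const sep = text.indexOf("\r\n\r\n");
  if (sep < 0) throw new Error("no blank line terminating the headers");
  const lines = text.slice(0, sep).split("\r\n");
  const headers = [];                   // [name, value] pairs; order and repeats kept
  for (const line of lines.slice(1)) {
    const colon = line.indexOf(":");
    if (colon < 0) throw new Error("malformed header line: " + line);
    headers.push([line.slice(0, colon).trim().toLowerCase(), line.slice(colon + 1).trim()]);
  }
  return { startLine: lines[0], headers, body: text.slice(sep + 4) };
}

// First value of a header, or undefined (header names are case-insensitive).
function header(msg, name) {
  const hit = msg.headers.find(([k]) => k === name.toLowerCase());
  return hit ? hit[1] : undefined;
}

function parseRequest(text) {
  const msg = parseHttpMessage(text);
  const [method, target, version] = msg.startLine.split(" ");
  if (!method || !target || !version) throw new Error("bad request line: " + msg.startLine);
  // The slide's rule of thumb: GET has no side effect, POST may have one.
  return { method, target, version, headers: msg.headers, body: msg.body,
           mayHaveSideEffect: method === "POST" };
}

function parseResponse(text) {
  const msg = parseHttpMessage(text);
  const m = /^(HTTP\/\d\.\d) (\d{3}) ?(.*)$/.exec(msg.startLine);
  if (!m) throw new Error("bad status line: " + msg.startLine);
  const declared = header(msg, "Content-Length");
  const actual = Buffer.byteLength(msg.body);
  // A body that does not match Content-Length is truncated or malformed;
  // refuse it rather than hand the caller a partial document.
  if (declared !== undefined && Number(declared) !== actual) {
    throw new Error(`body is ${actual} bytes but Content-Length says ${declared}`);
  }
  const cookies = msg.headers.filter(([k]) => k === "set-cookie").map(([, v]) => v);
  return { version: m[1], status: Number(m[2]), reason: m[3],
           headers: msg.headers, cookies, body: msg.body };
}

console.log(parseRequest(SAMPLE_REQUEST));
console.log(parseResponse(SAMPLE_RESPONSE));
```

Set-Cookie is kept as a list rather than folded into one value because a server may send several of them in one response, as the slide's cookie slot suggests; the cookie slides later in the deck cover what scope each one gets.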
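The "Components of browser security policy" slide defines canScript(A,B) and canNavigate(A,B), and the "Window Policy Anomaly" and "What should the policy be?" slides ask which navigation policy a browser should enforce. The following is an added example (not from the CS155 slides) modelling a frame tree and those two relations under the permissive, window, descendant and child policies, using the policy definitions as the Barth, Jackson and Mitchell frame-communication work credited on the Credits slide states them (an assumption on my part; the model ignores sandboxing and other refinements real browsers add). The integrator and malicious-gadget origins are constructed; 7.gmodules.com and www.google.com are the frames named on the slides.

```javascript
// Added example (not from the CS155 slides): a toy model of a frame tree and of
// the canScript / canNavigate relations from the "Components of browser security
// policy" slide, evaluated under the navigation policies the deck discusses.
// Simplified model (no sandboxing, no same-origin-ancestor refinements).
// integrator.example and attacker.example are constructed; Node.js supplies URL.

function makeFrame(name, url, parent = null) {
  const frame = { name, origin: new URL(url).origin, parent, children: [] };
  if (parent) parent.children.push(frame);
  return frame;
}

// Same origin = same (scheme, host, port). The URL parser drops default ports,
// so http://a.example and http://a.example:80 compare equal.
function sameOrigin(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// canScript(A,B): A may read or write B's DOM only if the two frames share an origin.
function canScript(a, b) {
  return a.origin === b.origin;
}

function isAncestor(a, b) {                 // is a strictly above b in the tree?
  for (let p = b.parent; p; p = p.parent) if (p === a) return true;
  return false;
}

function topOf(frame) {
  while (frame.parent) frame = frame.parent;
  return frame;
}

// canNavigate(A,B,policy): may A change the origin of content shown in B?
//   permissive : any frame may navigate any frame
//   window     : any frame may navigate any frame in the same top-level window
//   descendant : A may navigate only frames nested inside it
//   child      : A may navigate only its direct children
// Every policy lets a frame navigate itself (window.location = ...).
function canNavigate(a, b, policy) {
  if (a === b) return true;
  switch (policy) {
    case "permissive": return true;
    case "window":     return topOf(a) === topOf(b);
    case "descendant": return isAncestor(a, b);
    case "child":      return b.parent === a;
    default: throw new Error("unknown policy: " + policy);
  }
}

// The mashup from the "Frames" slides: an integrator page holding a gadget
// frame, the awglogin frame, and a third gadget we treat as malicious.
function buildMashup() {
  const top = makeFrame("top", "http://integrator.example/");                      // constructed
  const gadget = makeFrame("remote_iframe_7", "http://7.gmodules.com/gadget", top);
  const login = makeFrame("awglogin", "https://www.google.com/accounts/ServiceLoginBox", top);
  const evil = makeFrame("evil_gadget", "http://attacker.example/gadget", top);    // constructed
  return { top, gadget, login, evil };
}

// The "Window Policy Anomaly" slide in one call: does the policy let the
// malicious gadget navigate its sibling login frame?
function siblingNavigationAllowed(policy) {
  const { evil, login } = buildMashup();
  return canNavigate(evil, login, policy);
}

for (const policy of ["permissive", "window", "descendant", "child"]) {
  console.log(policy, "-> malicious gadget may navigate sibling login frame:",
              siblingNavigationAllowed(policy));
}
```

Under the permissive and window policies the answer is true, which is exactly the anomaly on the slide: a gadget that cannot script the login frame (canScript is false, different origin) can still replace its content. The descendant and child policies both return false for siblings while still letting the integrator page at the top navigate every frame it embeds.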