ABSTRACT
Some web sites provide interactive extensions using browser scripts, often without inspecting the scripts to verify that they are benign and bug-free. Others handle users' confidential data and display it via the browser. Such new features contribute to the power of online services, but their combination would allow attackers to steal confidential data. This paper presents BFlow, a security system that uses information flow control to allow the combination while preventing attacks on data confidentiality. BFlow allows untrusted JavaScript to compute with, render, and store confidential data, while preventing leaks of that data. BFlow tracks confidential data as it flows within the browser, between scripts on a page and between scripts and web servers. Using these observations and assistance from participating web servers, BFlow prevents scripts that have seen confidential data from leaking it, all without disrupting the JavaScript communication techniques used in complex web pages. To achieve these ends, BFlow augments browsers with a new "protection zone" abstraction. We have implemented a BFlow browser reference monitor and server support. To evaluate BFlow's confidentiality protection and flexibility, we have built a BFlow-protected blog that supports Blogger's third-party JavaScript extensions. BFlow is compatible with every legitimate Blogger extension that we have found, yet it prevents malicious extensions from leaking confidential data.