DOCSLIB.ORG

Thesis Statement: We Can Successfully Apply Operating System Principles to Secure and Enhance the Extensibility of the Web Platform

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Thesis Statement: We Can Successfully Apply Operating System Principles to Secure and Enhance the Extensibility of the Web Platform RETHINKING WEB PLATFORM EXTENSIBILITY BY MOHAN DHAWAN A dissertation submitted to the Graduate School—New Brunswick Rutgers, The State University of New Jersey in partial fulfillment of the requirements for the degree of Doctor of Philosophy Graduate Program in Computer Science Written under the direction of Vinod Ganapathy and approved by New Brunswick, New Jersey May, 2013 c 2013 MOHAN DHAWAN ALL RIGHTS RESERVED ABSTRACT OF THE DISSERTATION RETHINKING WEB PLATFORM EXTENSIBILITY by MOHAN DHAWAN Dissertation Director: Vinod Ganapathy The modern Web platform provides an extensible architecture that lets third party extensions, often untrusted, enhance and customize the Web browser and the Web applications. While the prevalence of extensions for both browsers and applications has been instrumental in making the Web browser hugely successful, there are two critical issues that the designers of the modern Web platform have not yet tackled in a principled manner. First, both the third party extensions and the extensible components of the Web platform include numerous vulnerabilities, which can compromise the security and privacy of end users. Second, the black-box and opaque nature of the Web platform limits the extent of extensibility achievable for Web developers, thereby hampering the development of novel browser-based user applications. This dissertation develops new tools and techniques to address the problem of insecure extensibility in the Web platform, proposes novel language and system level solutions to make extensibility a first class primitive for developing Web software, and demonstrates that these methods are applicable to real-world Web applications and Web browser extensions. Specifically, this dissertation makes the following three contributions. First, it studies and characterizes the problem of insecure JavaScript-based Web browser extensions using a spe- cialized program analysis system, Sabre, which leverages JavaScript-level information flow mechanism to detect violations in client’s confidentiality and integrity arising from execution of untrusted extensions. Second, it formalizes the concept of transactions for JavaScript and ii implements Transcript, a language runtime system that allows hosting principals, i.e., Web browser and Web applications, to isolate untrusted JavaScript-based extensions using specula- tive execution. Lastly, this dissertation presents the design and implementation of Atlantis, a novel, extensible browser architecture that allows Web applications to define their own runtime environment and become more secure and robust. Atlantis enables developers with primitives to manage the Web application’s security and privacy, and removes their dependence on opaque, legacy Web interfaces. iii Acknowledgements This dissertation would not have been possible without the contribution, encouragement, and guidance of a number of individuals. I would like to thank my graduate advisor Professor Vinod Ganapathy and co-advisor Pro- fessor Liviu Iftode. Vinod has been a constant source of inspiration and guidance. His insights and feedbacks have directly shaped several ideas in this dissertation. His passion for excel- lence in research has motivated me to work harder and has greatly influenced my personality. I have learned tremendously from my interactions with Liviu, whose words of encouragement and wisdom have helped me throughout my graduate career. I would not have been successful in this endeavor without the help of my advisors. I would also like to thank Professor Ulrich Kremer and Dr. Kapil Singh (IBM Research) for their insightful comments to help improve this dissertation. Over the past few years, I have also had the pleasure of working with several other out- standing people who have been instrumental in shaping my graduate career, and without their guidance this dissertation and several other research works would not have been successful. I would like to thank Professor Chung-chieh Shan (Indiana University) for enlightening me about the fundamentals of JavaScript, which has been central to this dissertation. I also had the honor and privilege of working closely with Professor Vern Paxson (UC Berkeley / ICSI Berkeley), Professor Renata Cruz Teixeira (LIP6 Paris), Dr. Christian Kreibich, Dr. Mark Allman and Dr. Nicholas Weaver (ICSI Berkeley). I have greatly benefited from their clear vision, infectious optimism, kind advice and insightful feedback. I am also thankful to Dr. James Mickens (Mi- crosoft Research Redmond) and Dr. Ulfar´ Erlingsson (Google) for giving me an opportunity to work with them. I have had the privilege of sharing my time at Rutgers with several excellent people. I want iv to acknowledge the many members of the DiscoLab who over the past six years have con- tributed their valuable time, ideas, and opinions to several projects, meetings and practice talks that were crucial to me. I especially thank Aniruddha Bohra, Arati Baliga, Steve Smaldone, Pravin Shankar, Lu Han, Shakeel Butt, Rezwana Karim, Amruta Gokhale, Liu Yang and Nader Boushehrinejadmoradi. I owe my deepest gratitude to my parents, my sister and my fiancee´ for their endless love and encouragement throughout this entire journey. My parents have always taken keen interest in my academic progress. It is because of their efforts that I had an excellent education and had the chance to make a career in computing. My sister, Roopam, taught me how to read and write, and without her dedication and affection I would not have reached this career milestone. I am also thankful to my fiancee,´ Sneha, for her patience while I was working on this dissertation. I attribute everything I have ever achieved to my family, who have supported me even when I doubted myself. Without them I would have struggled to find the inspiration and motivation needed to complete this dissertation. I thank my family and dedicate this dissertation to them. v Dedication To my family, for their endless support and encouragement. To Nanaji and Sanjiv bhaiya, who are deeply missed. vi Table of Contents Abstract ......................................... ii Acknowledgements ................................... iv Dedication ........................................ vi List of Tables ...................................... x List of Figures ...................................... xi 1. Introduction ..................................... 1 1.1. Motivation.....................................1 1.2. Securing Extensibility of the Web Platform...................2 1.3. Enhancing Extensibility of the Web Platform..................3 1.4. Contributions...................................5 1.5. Statement of Joint Work.............................6 2. The Web Ecosystem ................................. 7 2.1. Core Web Application Technologies and JavaScript...............7 2.2. Web Browser...................................8 I Securing Web Platform Extensibility 10 3. JavaScript-based Extensibility in the Web Platform ............... 11 3.1. Web Application Extensions........................... 11 3.2. Web Browser Extensions............................. 12 3.2.1. Google Chrome Extension Platform................... 13 3.2.2. Mozilla Jetpack.............................. 15 4. Characterizing JavaScript-based Web Browser Extensions ............ 18 4.1. Problem...................................... 18 4.2. Motivating Examples............................... 20 4.3. Our Approach: JavaScript-level Information Flow Tracking........... 23 4.3.1. Sabre in Action.............................. 24 4.3.2. Inadequacies of Prior Techniques.................... 25 4.4. Tracking Information Flow with Sabre...................... 26 4.4.1. Security Labels.............................. 27 4.4.2. Sources and Sinks............................ 29 4.4.3. Propagating Labels............................ 31 4.4.4. Declassifying and Endorsing Flows................... 34 vii 4.5. Implementation.................................. 35 4.6. Evaluation..................................... 36 4.6.1. Effectiveness............................... 36 4.6.2. Performance............................... 41 4.7. Related Work................................... 42 4.8. Summary..................................... 44 5. Language-based Security for Web Platform Extensions ............. 45 5.1. Problem...................................... 45 5.2. Motivating Example............................... 46 5.3. Our Approach: Speculative Execution of JavaScript............... 47 5.4. Overview of Transcript.............................. 48 5.5. A Lambda Calculus with Transactions...................... 54 5.5.1. Formalization............................... 54 5.5.2. Examples................................. 57 5.6. Design of Transcript............................... 60 5.6.1. Components of an Iblock......................... 63 5.6.2. Hiding Sensitive Variables........................ 66 5.7. Security Assurances................................ 67 5.7.1. Trusted Computing Base......................... 67 5.7.2. Whitelisting for Host Policies...................... 68 5.8. Implementation in Firefox............................ 69 5.8.1. Enhancements to SpiderMonkey..................... 69 5.8.2. Supporting Speculative DOM Updates.................. 73 5.8.3. Conflict Detection............................ 74 5.8.4. The <script> Tag........................... 75 5.9. Evaluation..................................... 76 5.9.1. Case Studies on Guest Benchmarks................... 76 5.9.2. Fault Injection and Recovery....................... 78 5.9.3.
Load more

Recommended publications
  • Using Emergent Team Structure to Focus Collaboration
    Using Emergent Team Structure to Focus Collaboration by Shawn Minto B.Sc, The University of British Columbia, 2005 A THESIS SUBMITTED IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE DEGREE OF Master of Science The Faculty of Graduate Studies (Computer Science) The University Of British Columbia January 30, 2007 © Shawn Minto 2007 ii Abstract To build successful complex software systems, developers must collaborate with each other to solve issues. To facilitate this collaboration specialized tools are being integrated into development environments. Although these tools facilitate collaboration, they do not foster it. The problem is that the tools require the developers to maintain a list of other developers with whom they may wish to communicate. In any given situation, it is the developer who must determine who within this list has expertise for the specific situation. Unless the team is small and static, maintaining the knowledge about who is expert in particular parts of the system is difficult. As many organizations are beginning to use agile development and distributed software practices, which result in teams with dynamic membership, maintaining this knowledge is impossible. This thesis investigates whether emergent team structure can be used to support collaboration amongst software developers. The membership of an emergent team is determined from analysis of software artifacts. We first show that emergent teams exist within a particular open-source software project, the Eclipse integrated development environment. We then present a tool called Emergent Expertise Locator (EEL) that uses emergent team information to propose experts to a developer within their development environment as the developer works. We validated this approach to support collaboration by applying our ap• proach to historical data gathered from the Eclipse project, Firefox and Bugzilla and comparing the results to an existing heuristic for recommending experts that produces a list of experts based on the revision history of individual files.
    [Show full text]
  • CSS 2.1) Specification
    Cascading Style Sheets Level 2 Revision 1 (CSS 2.1) Specification W3C Editors Draft 26 February 2014 This version: http://www.w3.org/TR/2014/ED-CSS2-20140226 Latest version: http://www.w3.org/TR/CSS2 Previous versions: http://www.w3.org/TR/2011/REC-CSS2-20110607 http://www.w3.org/TR/2008/REC-CSS2-20080411/ Editors: Bert Bos <bert @w3.org> Tantek Çelik <tantek @cs.stanford.edu> Ian Hickson <ian @hixie.ch> Håkon Wium Lie <howcome @opera.com> Please refer to the errata for this document. This document is also available in these non-normative formats: plain text, gzip'ed tar file, zip file, gzip'ed PostScript, PDF. See also translations. Copyright © 2011 W3C® (MIT, ERCIM, Keio), All Rights Reserved. W3C liability, trademark and document use rules apply. Abstract This specification defines Cascading Style Sheets, level 2 revision 1 (CSS 2.1). CSS 2.1 is a style sheet language that allows authors and users to attach style (e.g., fonts and spacing) to structured documents (e.g., HTML documents and XML applications). By separating the presentation style of documents from the content of documents, CSS 2.1 simplifies Web authoring and site maintenance. CSS 2.1 builds on CSS2 [CSS2] which builds on CSS1 [CSS1]. It supports media- specific style sheets so that authors may tailor the presentation of their documents to visual browsers, aural devices, printers, braille devices, handheld devices, etc. It also supports content positioning, table layout, features for internationalization and some properties related to user interface. CSS 2.1 corrects a few errors in CSS2 (the most important being a new definition of the height/width of absolutely positioned elements, more influence for HTML's "style" attribute and a new calculation of the 'clip' property), and adds a few highly requested features which have already been widely implemented.
    [Show full text]
  • Security Analysis of Firefox Webextensions
    6.857: Computer and Network Security Due: May 16, 2018 Security Analysis of Firefox WebExtensions Srilaya Bhavaraju, Tara Smith, Benny Zhang srilayab, tsmith12, felicity Abstract With the deprecation of Legacy addons, Mozilla recently introduced the WebExtensions API for the development of Firefox browser extensions. WebExtensions was designed for cross-browser compatibility and in response to several issues in the legacy addon model. We performed a security analysis of the new WebExtensions model. The goal of this paper is to analyze how well WebExtensions responds to threats in the previous legacy model as well as identify any potential vulnerabilities in the new model. 1 Introduction Firefox release 57, otherwise known as Firefox Quantum, brings a large overhaul to the open-source web browser. Major changes with this release include the deprecation of its initial XUL/XPCOM/XBL extensions API to shift to its own WebExtensions API. This WebExtensions API is currently in use by both Google Chrome and Opera, but Firefox distinguishes itself with further restrictions and additional functionalities. Mozilla’s goals with the new extension API is to support cross-browser extension development, as well as offer greater security than the XPCOM API. Our goal in this paper is to analyze how well the WebExtensions model responds to the vulnerabilities present in legacy addons and discuss any potential vulnerabilities in the new model. We present the old security model of Firefox extensions and examine the new model by looking at the structure, permissions model, and extension review process. We then identify various threats and attacks that may occur or have occurred before moving onto recommendations.
    [Show full text]
  • Cross Site Scripting Attacks Xss Exploits and Defense.Pdf
    436_XSS_FM.qxd 4/20/07 1:18 PM Page ii 436_XSS_FM.qxd 4/20/07 1:18 PM Page i Visit us at www.syngress.com Syngress is committed to publishing high-quality books for IT Professionals and deliv- ering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional mate- rials available from our Web site. SOLUTIONS WEB SITE To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you may find an assortment of value- added features such as free e-books related to the topic of this book, URLs of related Web sites, FAQs from the book, corrections, and any updates from the author(s). ULTIMATE CDs Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few. DOWNLOADABLE E-BOOKS For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These e-books are often available weeks before hard copies, and are priced affordably. SYNGRESS OUTLET Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings. SITE LICENSING Syngress has a well-established program for site licensing our e-books onto servers in corporations, educational institutions, and large organizations.
    [Show full text]
  • Visual Validation of SSL Certificates in the Mozilla Browser Using Hash Images
    CS Senior Honors Thesis: Visual Validation of SSL Certificates in the Mozilla Browser using Hash Images Hongxian Evelyn Tay [email protected] School of Computer Science Carnegie Mellon University Advisor: Professor Adrian Perrig Electrical & Computer Engineering Engineering & Public Policy School of Computer Science Carnegie Mellon University Monday, May 03, 2004 Abstract Many internet transactions nowadays require some form of authentication from the server for security purposes. Most browsers are presented with a certificate coming from the other end of the connection, which is then validated against root certificates installed in the browser, thus establishing the server identity in a secure connection. However, an adversary can install his own root certificate in the browser and fool the client into thinking that he is connected to the correct server. Unless the client checks the certificate public key or fingerprint, he would never know if he is connected to a malicious server. These alphanumeric strings are hard to read and verify against, so most people do not take extra precautions to check. My thesis is to implement an additional process in server authentication on a browser, using human recognizable images. The process, Hash Visualization, produces unique images that are easily distinguishable and validated. Using a hash algorithm, a unique image is generated using the fingerprint of the certificate. Images are easily recognizable and the user can identify the unique image normally seen during a secure AND accurate connection. By making a visual comparison, the origin of the root certificate is known. 1. Introduction: The Problem 1.1 SSL Security The SSL (Secure Sockets Layer) Protocol has improved the state of web security in many Internet transactions, but its complexity and neglect of human factors has exposed several loopholes in security systems that use it.
    [Show full text]
  • HTML 4.01 Specification
    HTML 4.01 Specification HTML 4.01 Specification W3C Proposed Recommendation This version: http://www.w3.org/TR/1999/PR-html40-19990824 (plain text [786Kb], gzip’ed tar archive of HTML files [367Kb], a .zip archive of HTML files [400Kb], gzip’ed Postscript file [740Kb, 387 pages], a PDF file [3Mb]) Latest version: http://www.w3.org/TR/html40 Previous version: http://www.w3.org/TR/1998/REC-html40-19980424 Editors: Dave Raggett <[email protected]> Arnaud Le Hors <[email protected]> Ian Jacobs <[email protected]> Copyright © 1997-1999 W3C® (MIT, INRIA, Keio), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply. Abstract This specification defines the HyperText Markup Language (HTML), version 4.0 (subversion 4.01), the publishing language of the World Wide Web. In addition to the text, multimedia, and hyperlink features of the previous versions of HTML, HTML 4.01 supports more multimedia options, scripting languages, style sheets, better printing facilities, and documents that are more accessible to users with disabilities. HTML 4.01 also takes great strides towards the internationalization of documents, with the goal of making the Web truly World Wide. HTML 4.01 is an SGML application conforming to International Standard ISO 8879 -- Standard Generalized Markup Language [ISO8879] [p.351] . Status of this document This section describes the status of this document at the time of its publication. Other documents may supersede this document. The latest status of this document series is maintained at the W3C. 1 24 Aug 1999 14:47 HTML 4.01 Specification This document is a revised version of the 4.0 Recommendation first released on 18 December 1997 and then revised 24 April 1998 Changes since the 24 April version [p.312] are not just editorial in nature.
    [Show full text]
  • IT Acronyms.Docx
    List of computing and IT abbreviations /.—Slashdot 1GL—First-Generation Programming Language 1NF—First Normal Form 10B2—10BASE-2 10B5—10BASE-5 10B-F—10BASE-F 10B-FB—10BASE-FB 10B-FL—10BASE-FL 10B-FP—10BASE-FP 10B-T—10BASE-T 100B-FX—100BASE-FX 100B-T—100BASE-T 100B-TX—100BASE-TX 100BVG—100BASE-VG 286—Intel 80286 processor 2B1Q—2 Binary 1 Quaternary 2GL—Second-Generation Programming Language 2NF—Second Normal Form 3GL—Third-Generation Programming Language 3NF—Third Normal Form 386—Intel 80386 processor 1 486—Intel 80486 processor 4B5BLF—4 Byte 5 Byte Local Fiber 4GL—Fourth-Generation Programming Language 4NF—Fourth Normal Form 5GL—Fifth-Generation Programming Language 5NF—Fifth Normal Form 6NF—Sixth Normal Form 8B10BLF—8 Byte 10 Byte Local Fiber A AAT—Average Access Time AA—Anti-Aliasing AAA—Authentication Authorization, Accounting AABB—Axis Aligned Bounding Box AAC—Advanced Audio Coding AAL—ATM Adaptation Layer AALC—ATM Adaptation Layer Connection AARP—AppleTalk Address Resolution Protocol ABCL—Actor-Based Concurrent Language ABI—Application Binary Interface ABM—Asynchronous Balanced Mode ABR—Area Border Router ABR—Auto Baud-Rate detection ABR—Available Bitrate 2 ABR—Average Bitrate AC—Acoustic Coupler AC—Alternating Current ACD—Automatic Call Distributor ACE—Advanced Computing Environment ACF NCP—Advanced Communications Function—Network Control Program ACID—Atomicity Consistency Isolation Durability ACK—ACKnowledgement ACK—Amsterdam Compiler Kit ACL—Access Control List ACL—Active Current
    [Show full text]
  • Brackets Third Party Page (
    Brackets Third Party Page (http://www.adobe.com/go/thirdparty) "Cowboy" Ben Alman Copyright © 2010-2012 "Cowboy" Ben Alman Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. The Android Open Source Project Copyright (C) 2008 The Android Open Source Project All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
    [Show full text]
  • Liste Des Propriétés CSS
    A Liste des propriétés CSS Voici la liste des propriétés CSS telles que décrites dans les documents de la norme CSS 2 (http://www.w3.org/TR/1998/REC-CSS2-19980512/propidx.html). Ceci incorpore donc notamment les propriétés déjà présentes en CSS 1. Tableau A–1 Index des propriétés CSS Nom de la propriété Valeurs Explications azimuth angle, left-side, far-left, Détermine la direction d'origine du son en left, center-left, center, média aural. Les navigateurs actuels ne center-right, right, far-right, gérant pas encore les restitutions vocales, on right-side, behind, leftwards, utilise pour cela des logiciels spécialisés. La rightwards, inherit plupart ne prennent pas encore en charge CSS. background Raccourci pour background-color, background-image, background-repeat, background-attachment, background-position. background- scroll, fixed, inherit Fige une image d'arrière-plan insérée avec attachment background-image. Celle-ci ne défile plus avec le contenu de l'élément auquel elle est appliquée. background-color couleur, transparent, inherit Définit la couleur de fond d'un élément. © Groupe Eyrolles, 2005 Sites et ressources 254 ANNEXES Tableau A–1 Index des propriétés CSS (suite) Nom de la propriété Valeurs Explications background-image URL, none, inherit Affiche une image d'arrière-plan pour l'élé- ment (ou la page dans le cas de la balise body). Par défaut, l'image sera répétée en damier (ou papier peint) à partir du coin supé- rieur gauche de l'élément. background- pourcentage, longueur, top, center, Positionne une image d'arrière-plan définie position bottom, left, right, inherit avec background-image. Propriété géné- ralement utilisée en l'absence de répétition (background-repeat).
    [Show full text]
  • David Horner a Brain That Thinks
    David Horner a brain that thinks. Fort Wayne, Indiana (Fort Wayne, Indiana Area) Computer Software Current Senior Configuration Engineer at MorphoTrust ™ USA Past Independent Software Consultant at TecDev, LLC Advanced Imaging Consultant at Moxie Creative / Observera Senior Software Engineer at Medical Informatics Engineering see all Education Indiana University-Purdue University at Fort Wayne Recommendations 1 person has recommended David Connections 87 connections Websites Personal Website David Horner's Summary The human species has an uncanny ability to analyse and comprehend complex realities. Modeling abstractions consciously and subconsciously of past and future experience to manifest the desired outcome. A biochemical workhorse. The original quantum computer. 86bn neurons, weighing 3lbs, 80% water, and just 2% of the total human body. ●the brain is the sum of my experience...and it is talking directly to you. ●this brain is looking for interesting problems to solve. ●do you have any problems that require technical solutions? ●my preference is telecomputing with physical presence as requested. (I'm flexible) ●relocation is possible, given a firm multi-year commitment with excellent compensation. I enjoy working together with other people to accomplish great things. Specialties: Science, Research, Machine Learning, Math, Computer Vision, Modeling, Simulation, Visualization, Polygot Programmer,C, C++, Java, Perl, Python, Erlang, Haskell, PHP, Ruby, ASM, VBA,ObjC,Perl, Django,Catalyst,Dancer,Mojo,Silverlight, XAML, C#, Vb.NET, WPF,
    [Show full text]
  • Understanding and Mitigating Attacks Targeting Web Browsers
    Understanding and Mitigating Attacks Targeting Web Browsers A Dissertation presented in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the field of Information Assurance by Ahmet Salih Buyukkayhan Northeastern University Khoury College of Computer Sciences Boston, Massachusetts April 2019 To my family, teachers and mentors. i Contents List of Figures v List of Tables vii Acknowledgments viii Abstract of the Dissertation ix 1 Introduction 1 1.1 Structure of the Thesis . .2 2 Background 4 2.1 Browser Extensions . .4 2.1.1 Firefox Extensions . .5 2.1.2 Extension Security . .7 2.2 Vulnerabilities in Web Applications . .9 2.2.1 Vulnerability Reward Programs and Platforms . .9 2.2.2 XSS Vulnerabilities . 10 2.2.3 XSS Defenses . 12 3 CrossFire: Firefox Extension-Reuse Vulnerabilities 14 3.1 Overview . 14 3.2 Threat Model . 15 3.3 Design . 16 3.3.1 Vulnerability Analysis . 17 3.3.2 Exploit Generation . 19 3.3.3 Example Vulnerabilities . 20 3.4 Implementation . 23 3.5 Evaluation . 23 3.5.1 Vulnerabilities in Top Extensions . 23 3.5.2 Random Sample Study of Extensions . 25 3.5.3 Performance & Manual Effort . 27 ii 3.5.4 Case Study: Submitting an Extension to Mozilla Add-ons Repository . 28 3.5.5 Jetpack Extensions. 30 3.5.6 Implications on Extension Vetting Procedures . 31 3.6 Summary . 31 4 SENTINEL: Securing Legacy Firefox Extensions 33 4.1 Overview . 33 4.2 Threat Model . 34 4.3 Design . 35 4.3.1 Intercepting XPCOM Operations . 36 4.3.2 Intercepting XUL Document Manipulations .
    [Show full text]
  • A Plug-In and an XPCOM Component for Controlling Firefox Browser Requests1
    A Plug-in and an XPCOM Component for Controlling Firefox Browser 1 Requests Mozilla’s Firefox offers useful programming APIs to enhance or modify the behavior of browser [2]. The APIs are part of XPCOM (Cross Platform Component Object Model) which provides a set of classes and related methods to perform useful and primitive operations such as file creation and intercepting requests or responses. Most of the XPCOM components are available either through the HTML rendering engine (e.g., Gecko) or JavaScript engine (e.g., SeaMonkey). However, one of the most interesting aspects of Mozilla’s Firefox runtime environment is that it offers us to build customized plug-ins and XPCOM components [1, 4]. It also allows one to implement plug-ins and components in a number of programming languages such as JavaScript. Currently, there exist many plug-ins and XPCOM components that allow programmers to access web pages and browser requests. However, they cannot control browser requests based on HTML form-based requests. This project aims to fill this gap. The project has two parts. First, a plug-in for Firefox browser needs to be developed so that a user can control which requests should be allowed or blocked. To obtain the desired functionalities, one requires implementing a number of JavaScript methods to validate requests (or URLs). The plug-in, when enabled, should perform the following three major functionalities: (i) initialization, (ii) checking requests and HTML forms, (iii) stopping a request and conditionally allowing a request to proceed. The above functionalities will be tested using a set of test cases discussed in [3].
    [Show full text]