Security
Thursday 3:30–5:00 PM
Chair, Kristen Lefevre
Fine-Grained Privilege Separation for Web Applications
Akshay Krishnamurthy, Adrian Mettler, David Wagner
We present a web application programming model that simplifies reasoning about security considerations and verifying security properties of web applications. In our model, applications can easily be divided into privilege-separated components, enabling rich security policies to be enforced. The model is designed to help external reviewers check these security properties. Privilege separation of web applications is accomplished by using an object-capability language and interfaces that expose limited, explicitly specified privileges to web application components. This approach restricts what each component of the application can do and quarantines buggy or compromised application code. This also provides a better way to safely integrate third-party, less trusted code into a web application. We have implemented a prototype of this model, based upon the Java Servlet framework, and used it to build a web mail application. Our experience with this example suggests that the approach is viable and helpful at establishing application-level security properties.
Malicious Interface Design: Exploiting the User
Gregory Conti, Edward Sobiesk
In an ideal world, interface design is the art and science of helping users accomplish tasks in a timely, efficient, and pleasurable manner. This paper studies the inverse situation, the vast emergence of deliberately constructed malicious interfaces that violate design best practices in order to accomplish goals counter to those of the user. This has become a commonplace occurrence both on and off the desktop, particularly on the web. The objective of this paper is to formally define this problem, including construction of a taxonomy of malicious interface techniques and an analysis of their impact on users. Findings are also presented on the self-reported tolerance and expectation levels of users with regard to malicious interfaces as well as on the effectiveness and ease of use of existing countermeasures. Our results were accomplished through significant compilation of malicious interface techniques based on review of thousands of web sites and by conducting three original surveys. Ultimately, this paper concludes that malicious interfaces are an ubiquitous problem that demands intervention by the security and human computer interaction communities in order to reduce the negative impact on the global user population and to call for a cultural shift in the advertising design community.
Detection and Analysis of Drive-by-Download Attacks and Malicious JavaScript Code
Marco Cova, Christopher Kruegel, Giovanni Vigna
JavaScript is a browser scripting language that allows developers to create sophisticated client-side interfaces for web applications. However, JavaScript code is also used to carry out attacks against the user’s browser and its extensions. These attacks usually result in the download of additional malware that takes complete control of the victim’s platform, and are, therefore, called “drive-by downloads.” Unfortunately, the dynamic nature of the JavaScript language and its tight integration with the browser make it difficult to detect and block malicious JavaScript code. This paper presents a novel approach to the detection and analysis of malicious JavaScript code. Our approach combines anomaly detection with emulation to automatically identify malicious JavaScript code and to support its analysis. We developed a system that uses a number of features and machine-learning techniques to establish the characteristics of normal JavaScript code. Then, during detection, the system is able to identify anomalous JavaScript code by emulating its behavior and comparing it to the established profiles. In addition to identifying malicious code, the system is able to support the analysis of obfuscated code and to generate detection signatures for signature-based systems. The system has been made publicly available and has been used by thousands of analysts.
.
