Using replicated execution for a more secure and reliable browser
Download
1 / 26

Using Replicated Execution for a More Secure and Reliable Browser - PowerPoint PPT Presentation


  • 126 Views
  • Uploaded on

Using Replicated Execution for a More Secure and Reliable Browser. Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King University of Illinois at Urbana Champaign Source: NDSS '12 Reporter: MinHao WU. https://netfiles.uiuc.edu/huixue2/www/cocktail.pptx. Outline. Example

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Using Replicated Execution for a More Secure and Reliable Browser' - alina


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Using replicated execution for a more secure and reliable browser

Using Replicated Execution for a More Secure and Reliable Browser

Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King

University of Illinois at Urbana Champaign

Source: NDSS '12

Reporter: MinHao WU

https://netfiles.uiuc.edu/huixue2/www/cocktail.pptx


Outline
Outline Browser

  • Example

  • Introduction

  • Design

  • Implementation

  • Evaluation

  • Conclusion


Browsers are not safe
Browsers Are Not Safe Browser

  • Browsers are plagued with vulnerabilities

    • Internet Explorer: 59 new vulnerabilities in 2010

    • Firefox: 100 new vulnerabilities in 2010

    • Safari: 119 new vulnerabilities in 2010

    • Chrome: 191 new vulnerabilities in 2010


Firefox browser exploit example
Firefox Browser Exploit Example Browser

  • Firefox 3.0.x malicious popup by CVE-2009-3076


Opera exploit fails
Opera: Exploit Fails Browser

  • Opera shows no popup


Reason browser specific vulnerabilities
Reason: Browser Specific Vulnerabilities Browser

  • Different browsers different code bases

  • The same bug often only in one browser



How cocktail works example
How Cocktail Works: Example Browser

Proxy

HTTP GET

a.com/img.png

click

“a.com”

server

request

img.png

HTTP GET

a.com/img.png

click

click


How cocktail works example1
How Cocktail Works: Example Browser

Proxy

HTTP GET

a.com/img.png

responseimg.png

responseimg.png

responseimg.png

click

“a.com”

server

request

img.png

Qt DISPLAY

HTTP GET

a.com/img.png

click

responseimg.png

click

HTTP GET


Withstanding false positive attack
Withstanding False Positive/Attack Browser

Proxy

HTTP GET

a.com/img.png

responseimg.png

responseimg.png

click

“a.com”

server

request

img.png

Qt DISPLAY

HTTP GET

HTTP GET

a.com/img.png

click

responseimg.png

click

a.com/question.png


Observation opportunistic n version programming
Observation:Opportunistic N-Version Programming Browser

Different code base

+

DOM

Same specification “roughly” followed


How to compare different browsers
How to Compare Different Browsers? Browser

  • States to compare: display + network

    • Display: vision based page layout abstraction

  • Interaction with server

  • Client side non-determinism


Challenge interaction with server
Challenge: Interaction with Server Browser

  • Pages from server can be different

A

“a.com”

server

B

C


Solution
Solution Browser

  • Avoid major changes to browser

    • Browsers self-update is easy

    • Open source is not required

  • Solution: proxy replication

    • Replicate incoming network data with proxy

      • HTTPS handling: Man-in-the-middle


Solution proxy replication
Solution: Proxy Replication Browser

  • One browser as seen by server

Page A

a.com

server

Page A

Proxy

Page A

Page A


Challenge client side non determinism
Challenge: Client Side Non-determinism Browser

  • Same page content, different execution result

<html>

<script>

randomId = Math.random();

url = “doubleclick.com?ad=” + randomId;

</script>

</html>


Client non determinism summary
Client Non-determinism Summary Browser

  • Script related randomness

  • Browser specific behaviors

    • E.g., Opera community


Solution1
Solution Browser

  • Extension modifies script execution

    • Overwrites Math, Date, window.opera

  • Browser configuration change

    • Disable Opera community

    • Adjust browser locale

Cocktail

Extension

Firefox

Cocktail

Extension

Chrome

Cocktail

Extension

Opera


False positive
False Positive Browser

  • Browsers treat malformed URL differently

<iframesrc="

http://www.adfusion.com/Adfusion.PartnerSite/ca

tegoryhtml.aspx?userfeedguid=948fbed8-69ae-4659

-b3c1-b9863e5ab24e&clicktag=http://ads.bluelith

ium.com/clk?2,13%...%2Flrec%2F,&CB={REQUES

TID}

width="300" height="250" scrolling="no"

frameborder="0" marginheight="0"

marginwidth="0”

></iframe>

Missing

"


Why cocktail is more secure
Why Cocktail Is More Secure Browser

  • Voting == Security

  • Withstand some F.P.

    • Only need 2 to proceed

  • Ext. to eliminatenon-determinism

  • Looks like a good oneActs like a good one It is one uncompromisedbrowser

Voting

Proxy

Ckt

Ext

Ckt

Ext

Ckt

Ext

DISPLAY



  • The UI component is responsible for providing the interface between the user and Cocktail, routing user input to each replica, and voting on the display states of each replica.

  • The replica component maintains each browser replica, which all run in sandboxed environments.

  • The network component is responsible for handling network requests from the replicas and voting on network requests.


  • UI replication between the user and Cocktail, routing user input to each replica, and voting on the display states of each replica.

    • Recorder and re-player: Extension

    • Passing UI events across browsers: Proxy

  • UI Display capturing and voting

    • ImageMagick and OpenCV

  • Proxy

    • OpenSSL for MITM


Evaluation
Evaluation between the user and Cocktail, routing user input to each replica, and voting on the display states of each replica.


Evaluation1
Evaluation between the user and Cocktail, routing user input to each replica, and voting on the display states of each replica.

  • Security analysis

    • User interaction: CVE-2009-3076

    • Heap overflow: CVE-2009-2477

    • DOS attack: Firefox 3.0.4 DOS, April 2009

    • Same origin policy bypassing: CVE-2007-0981

  • Performance

    • 30% slower comparing to Firefox


Conclusion
Conclusion between the user and Cocktail, routing user input to each replica, and voting on the display states of each replica.

  • Mixing different browsers for better security

    • Practical N-Version programming for browsers

    • Cocktail mirrors all inputs across the different browser replicas and votes on all outputs to withstand attacks

    • Our results showed that added little overhead to the page load latency times for the web sites we tested.


ad