Using replicated execution for a more secure and reliable browser
This presentation is the property of its rightful owner.
Sponsored Links
1 / 26

Using Replicated Execution for a More Secure and Reliable Browser PowerPoint PPT Presentation


  • 95 Views
  • Uploaded on
  • Presentation posted in: General

Using Replicated Execution for a More Secure and Reliable Browser. Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King University of Illinois at Urbana Champaign Source: NDSS '12 Reporter: MinHao WU. https://netfiles.uiuc.edu/huixue2/www/cocktail.pptx. Outline. Example

Download Presentation

Using Replicated Execution for a More Secure and Reliable Browser

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Using replicated execution for a more secure and reliable browser

Using Replicated Execution for a More Secure and Reliable Browser

Authors: Hui Xue, Nathan Dautenhahn, Samuel T. King

University of Illinois at Urbana Champaign

Source: NDSS '12

Reporter: MinHao WU

https://netfiles.uiuc.edu/huixue2/www/cocktail.pptx


Outline

Outline

  • Example

  • Introduction

  • Design

  • Implementation

  • Evaluation

  • Conclusion


Browsers are not safe

Browsers Are Not Safe

  • Browsers are plagued with vulnerabilities

    • Internet Explorer: 59 new vulnerabilities in 2010

    • Firefox: 100 new vulnerabilities in 2010

    • Safari: 119 new vulnerabilities in 2010

    • Chrome: 191 new vulnerabilities in 2010


Firefox browser exploit example

Firefox Browser Exploit Example

  • Firefox 3.0.x malicious popup by CVE-2009-3076


Opera exploit fails

Opera: Exploit Fails

  • Opera shows no popup


Reason browser specific vulnerabilities

Reason: Browser Specific Vulnerabilities

  • Different browsers different code bases

  • The same bug often only in one browser


Cocktail mixing browsers for better security

Cocktail: Mixing Browsers For Better Security


How cocktail works example

How Cocktail Works: Example

Proxy

HTTP GET

a.com/img.png

click

“a.com”

server

request

img.png

HTTP GET

a.com/img.png

click

click


How cocktail works example1

How Cocktail Works: Example

Proxy

HTTP GET

a.com/img.png

responseimg.png

responseimg.png

responseimg.png

click

“a.com”

server

request

img.png

Qt DISPLAY

HTTP GET

a.com/img.png

click

responseimg.png

click

HTTP GET


Withstanding false positive attack

Withstanding False Positive/Attack

Proxy

HTTP GET

a.com/img.png

responseimg.png

responseimg.png

click

“a.com”

server

request

img.png

Qt DISPLAY

HTTP GET

HTTP GET

a.com/img.png

click

responseimg.png

click

a.com/question.png


Observation opportunistic n version programming

Observation:Opportunistic N-Version Programming

Different code base

+

DOM

Same specification “roughly” followed


How to compare different browsers

How to Compare Different Browsers?

  • States to compare: display + network

    • Display: vision based page layout abstraction

  • Interaction with server

  • Client side non-determinism


Challenge interaction with server

Challenge: Interaction with Server

  • Pages from server can be different

A

“a.com”

server

B

C


Solution

Solution

  • Avoid major changes to browser

    • Browsers self-update is easy

    • Open source is not required

  • Solution: proxy replication

    • Replicate incoming network data with proxy

      • HTTPS handling: Man-in-the-middle


Solution proxy replication

Solution: Proxy Replication

  • One browser as seen by server

Page A

a.com

server

Page A

Proxy

Page A

Page A


Challenge client side non determinism

Challenge: Client Side Non-determinism

  • Same page content, different execution result

<html>

<script>

randomId = Math.random();

url = “doubleclick.com?ad=” + randomId;

</script>

</html>


Client non determinism summary

Client Non-determinism Summary

  • Script related randomness

  • Browser specific behaviors

    • E.g., Opera community


Solution1

Solution

  • Extension modifies script execution

    • Overwrites Math, Date, window.opera

  • Browser configuration change

    • Disable Opera community

    • Adjust browser locale

Cocktail

Extension

Firefox

Cocktail

Extension

Chrome

Cocktail

Extension

Opera


False positive

False Positive

  • Browsers treat malformed URL differently

<iframesrc="

http://www.adfusion.com/Adfusion.PartnerSite/ca

tegoryhtml.aspx?userfeedguid=948fbed8-69ae-4659

-b3c1-b9863e5ab24e&clicktag=http://ads.bluelith

ium.com/clk?2,13%...%2Flrec%2F,&CB={REQUES

TID}

width="300" height="250" scrolling="no"

frameborder="0" marginheight="0"

marginwidth="0”

></iframe>

Missing

"


Why cocktail is more secure

Why Cocktail Is More Secure

  • Voting == Security

  • Withstand some F.P.

    • Only need 2 to proceed

  • Ext. to eliminatenon-determinism

  • Looks like a good oneActs like a good one It is one uncompromisedbrowser

Voting

Proxy

Ckt

Ext

Ckt

Ext

Ckt

Ext

DISPLAY


Implementation

Implementation


Using replicated execution for a more secure and reliable browser

  • The UI component is responsible for providing the interface between the user and Cocktail, routing user input to each replica, and voting on the display states of each replica.

  • The replica component maintains each browser replica, which all run in sandboxed environments.

  • The network component is responsible for handling network requests from the replicas and voting on network requests.


Using replicated execution for a more secure and reliable browser

  • UI replication

    • Recorder and re-player: Extension

    • Passing UI events across browsers: Proxy

  • UI Display capturing and voting

    • ImageMagick and OpenCV

  • Proxy

    • OpenSSL for MITM


Evaluation

Evaluation


Evaluation1

Evaluation

  • Security analysis

    • User interaction: CVE-2009-3076

    • Heap overflow: CVE-2009-2477

    • DOS attack: Firefox 3.0.4 DOS, April 2009

    • Same origin policy bypassing: CVE-2007-0981

  • Performance

    • 30% slower comparing to Firefox


Conclusion

Conclusion

  • Mixing different browsers for better security

    • Practical N-Version programming for browsers

    • Cocktail mirrors all inputs across the different browser replicas and votes on all outputs to withstand attacks

    • Our results showed that added little overhead to the page load latency times for the web sites we tested.


  • Login