IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM

Mario Heiderich, Tilman Frosch, Thorsten Holz

Ruhr-University Bochum, Germany

14th RAID Symposium (September, 2011)

Outline
  • Introduction
  • Related Work
  • Design Overview
  • System Implementation
  • Evaluation
  • Limitations

A Seminar at Advanced Defense Lab

Introduction
  • There are many different kinds of threats and attack vectors against current browsers.
    • Drive-by-Download attacks
    • Cross-Site Scripting (XSS)
    • Clickjacking

A Reason
  • The root cause of this problem is the fact that an attacker can compromise the integrity of almost all DOM properties of a website by injecting malicious JavaScript code.

In This Paper
  • We introduce IceShield, a novel approach to perform light-weight instrumentation of JavaScript, detecting a diverse set of attacks against the DOM tree.

Related Work

Design Overview
  • We assume that almost every JavaScript-based attack will have to use native methods at some point in order to prepare necessary data structures.
    • Heap spray
    • JIT spray

Challenge
  • An attacker can render useless any signature-based malware detection that lacks advanced de-obfuscation routines.

Basic Idea
  • We do not rely on any form of static code analysis.
  • We instrument objects and functions dynamically and provide an execution context in which we can analyze their behavior.
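
One way to realize the dynamic instrumentation described above, as an added example that is not code from the slides or from the IceShield authors: it wraps one native function, runs a heuristic on every call, and then freezes the wrapper with Object.defineProperty so that script running later cannot replace it. The stand-in `fakeWindow` object, the `instrument` and `tryTamper` helpers, the sample inputs and the 1024-character threshold are assumptions made for illustration.

```javascript
// Added example (not IceShield code): wrap a native function, inspect each call,
// then freeze the wrapper so script that runs later cannot swap it back.
function instrument(owner, name, inspect, report) {
  const native = owner[name];
  const wrapper = function (...args) {
    const finding = inspect(args); // heuristic sees the arguments first
    if (finding) report.push({ method: name, finding });
    return native.apply(this, args); // benign callers get the normal result
  };
  // Non-writable and non-configurable: the property can be neither reassigned,
  // deleted, nor redefined by code that executes after this point.
  Object.defineProperty(owner, name, {
    value: wrapper, writable: false, configurable: false, enumerable: true,
  });
}

// Returns true only if a later script managed to replace the frozen wrapper.
function tryTamper(owner, name, replacement) {
  try { owner[name] = replacement; } catch (e) { /* TypeError in strict mode */ }
  try { delete owner[name]; } catch (e) { /* TypeError in strict mode */ }
  try { Object.defineProperty(owner, name, { value: replacement }); } catch (e) { /* rejected */ }
  return owner[name] === replacement;
}

// Constructed stand-in for the browser global object (assumption; no DOM here).
const fakeWindow = { unescape: (s) => unescape(s) };
const report = [];
// Hypothetical heuristic: flag unusually long arguments (threshold is arbitrary).
const oversized = (args) =>
  String(args[0]).length > 1024 ? "argument longer than 1024 chars" : null;

instrument(fakeWindow, "unescape", oversized, report);

const benign = fakeWindow.unescape("%41%42");   // constructed sample input
fakeWindow.unescape("%41".repeat(2000));        // constructed 6000-character input
const tampered = tryTamper(fakeWindow, "unescape", (s) => s);

console.log(benign, report, tampered);
```

The wrapper has to be installed and frozen before any untrusted script runs; anything that captured a reference to the original function earlier is not affected by the freeze.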

System Implementation
  • Our heuristics are based on a manual analysis of current attacks, and we tried to generalize the heuristics such that they are capable of detecting a wide variety of attacks.

Current Heuristics
  • External domain injection
    • ,