1 / 24

Protecting Browsers from Extension Vulnerabilities

NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt , University of California, Berkeley Prateek Saxena , University of California, Berkeley Aaron Boodman , Google,Inc . Protecting Browsers from Extension Vulnerabilities. 張逸文. Outline. Introduction

idana
Download Presentation

Protecting Browsers from Extension Vulnerabilities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. NDSS2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt , University of California, Berkeley PrateekSaxena , University of California, Berkeley Aaron Boodman, Google,Inc. Protecting Browsers from Extension Vulnerabilities 張逸文

  2. Outline • Introduction • Firefox Extension System • Google Chrome Extension System • Performance • Conclusion

  3. Outline • Introduction • Extensions • Benign-but-buggy Extensions • Firefox Extension System • Google Chrome Extension System • Performance • Conclusion

  4. Introduction • 1/3 of Firefox users run at least 1 extension • Extend, modify and control browser behavior • Provide rich functionality and add features • Browser extensions differ from browser plug-ins • Extensions -- 使用瀏覽器的擴充介面,用來加強或增加瀏覽器功能的小程式 • Plug-ins -- 使用Netscape提供的NPAPI為介面,提供跨瀏覽器協力支援的程式。

  5. Introduction • Benign-but-buggy extensions • Extensions aren’t written by security experts • Extensions interact extensively with web sites • Firefox extensions run with the browser’s full privileges • An attacker can usurp the extension’s broad privileges

  6. Introduction • Attacking Example • R. S. Liverani and N. Freeman, “Abusing Firefox Extensions”, Defcon17, July 2009 • install a remote desktop server on the user’s machine

  7. Outline • Introduction • Firefox Extension System • Attacks on Extensions • Limiting Firefox Extension Privileges • Google Chrome Extension System • Performance • Conclusion

  8. Firefox Extension System • Attacks on Extensions • Cross-site Scripting • Replacing Native APIs • JavaScript Capability Leaks • Mixed Content • Firefoxextensions • Highprivilege • Richinteractionwithdistrustedwebcontent

  9. Firefox Extension System • Limiting Firefox Extension Privileges ?? • Review 25 Firefox extensionsfromthe13categories • Behavior: How much privilege does an extension need? • Implementation: How much privilege does an extension receive?

  10. Firefox Extension System • FirefoxSecuritySeverityRatings: • Critical • High • Medium • Low • None

  11. Firefox Extension System • Result • Only 3 need critical privileges • The other 22 extensions exhibit a privilege gap

  12. Firefox Extension System • Use the same interfaces

  13. Firefox Extension System

  14. Outline • Introduction • Firefox Extension System • Google Chrome Extension System • Least privilege • Privilege separation • Strong isolation • Performance • Conclusion

  15. Google Chrome Extension System • Least privilege • Explicitly requested in the extension’s manifest • Developers define privileges in manifest • Execute Arbitrary Code • Web Site Access • API Access

  16. Google Chrome Extension System

  17. Google Chrome Extension System • Privilege separation

  18. Google Chrome Extension System • Isolation Mechanisms • Extension identity -- a public key in the extension’s URL • Process Isolation -- run in different processes • IsolatedWorlds--ownJavaScriptobjects

  19. Google Chrome Extension System

  20. Outline • Introduction • Firefox Extension System • Google Chrome Extension System • Performance • Conclusion

  21. performance • Inter-component communication • Round-trip latency between content script & extension core: 0.8 ms • Isolated Worlds Mechanism • Add 33.3% overhead

  22. Outline • Introduction • Firefox Extension System • Google Chrome Extension System • Performance • Conclusion

  23. conclusion • Firefox extension system • Extensions are over-privileged • API needs to be tamed for least privilege • New extension system for Google Chrome • Developer encouraged to request few privileges • Extensions have a reduced attack surface

  24. 動動腦~ 一日,私塾裡大家都在讀經… 只有家家東張西望 老師問家家:妳為什麼不念呢? 因為家家有本難念的經

More Related