PathCutter : Severing the Self-Propagation Path of XSS JavaScript Worms in Social


Slide 1 – Title
PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks
Yinzhi Cao§, Vinod Yegneswaran†, Phillip Porras†, and Yan Chen§
§ Northwestern Lab for Internet and Security Technology, Northwestern University, Evanston, IL
† SRI International, Menlo Park, CA

Slide 2 – Introduction
- Social web networks: platforms where people share their perspectives, opinions, thoughts and experiences (OSNs, blogs, social bookmarking, etc.).
- The XSS worm threat is severe.
  - First worm: MySpace Samy (2005).
  - More and more prevalent: Renren, Yamanner, etc.
  - Akin to a virus: humans need to visit infected pages.
  - Characteristic: fast spreading.
- In this paper:
  - Target: prevent XSS worm propagation.
  - Method: view separation and request authentication.
- (Figure: number of infected clients after 20 hours; from "Social Networks' XSS Worms", Faghani et al.)

Slide 3 – Roadmap
- Introduction
- Background (attack steps, XSS taxonomy)
- Related work
- Our approach
- Implementation
- Evaluation


Slide 4 – Background: attack steps
- Step 1 – Enticement and exploitation
- Step 2 – Privilege escalation
- Step 3 – Replication
- Step 4 – Propagation
- (Figure: a benign user downloads the infected page, gets infected, and the worm modifies the benign user's account; the process repeats with other users.)

Slide 5 – XSS taxonomy
- Server-side XSS: content-sniffing XSS, stored XSS, reflected XSS.
- Client-side XSS: plugin XSS (Flash XSS, Java XSS), DOM-based XSS.
- Worms placed in the taxonomy: MySpace Samy worm, Yamanner worm, Renren worm, SpaceFlash worm, our experimental worm.

Slide 6 – Related work
- Group one: prevent XSS vulnerabilities. Incomplete coverage (BluePrint, plug-in patches, Barth et al., and Saxena et al.).
- Group two: prevent XSS worms. No early-stage prevention (Spectator and Xu et al.); not resistant to polymorphic worms (Sun et al.).
- Our goal: prevent all XSS worms, with early-stage prevention and resistance to polymorphic worms.

Slide 7 – Our approach
- Two key concepts: (1) request authentication and (2) view separation.
- (Figure: a benign user downloads Samy's page; the page accesses and modifies the benign user's account.)
- We use request authentication. View separation is always enforced.

Slide 8 – View separation
- Views are, for example, blog A, blog B, blog C and so on; or, more fine-grained, different pages in the same blog.
- Isolating contents from the same origin:
  - iframe tag with sandbox properties in HTML5.
  - Pseudodomain encapsulation (mentioned later).
- (Figure: View One, View Two)

Slide 9 – Request authentication
- For example, requests from blog A do not have permission to modify blog B.
- Identifying which view a client-side request is from:
  - Secret token.
  - Referer header.
- Check whether the view has the permission.

Slide 10 – Our approach (with views)
- (Figure: the benign user downloads View One; View One attempts to access and modify the benign user's account; View Two is separate.)
- Isolating views at the client side.
- Identify that the request is from View One. If we cannot identify the view, deny.
- View One does not have the permission.

Slide 11 – Roadmap
- Introduction
- Background
- Related work
- Our approach
- Implementation: Implementation One (server modification); Implementation Two (proxy)
- Evaluation: case study of five real-world worms and two experimental worms (only two covered in the talk); performance

Slide 12 – Implementation One (server modification)
- Prototype examples: WordPress, Elgg.
- Dividing views: by blogs.
- Permissions for different views: a view can only modify its own blog.

Slide 13 – View isolation for server modification
- Isolating views at the client side: pseudodomain encapsulation.
- (Figure: isolate.x.com wraps content.x.com; attacker content lives in content.x.com.)
- The attacker cannot break out of isolate.x.com (different origin).
- A secret token is required.

Slide 14 – Request authentication for server modification
- Identifying requests from the client side: secret token.
  - Insertion position: each request that will modify server-side contents.
- Checking requests' permission.
  - Checking position: the database operation (a narrow interface that each modifying request will go through).

Slide 15 – Implementation Two (proxy)
- Dividing views: by different client-side URLs.
- Permissions for different views: the possible outgoing POST URLs from those URLs.
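The following is an added example, not code from the PathCutter paper or its WordPress/Elgg prototypes: a small Python model of the request-authentication check from slides 9 and 14. Each view (one blog) is issued its own secret token, every content-modifying request carries it, and the check sits at the single database-modification interface; the per-view pseudodomain layout used for the Referer fallback (`<blog>.isolate.x.com`) and the request dictionary shape are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class Server:
    # view name (here: blog name) -> secret token issued when its page was rendered
    tokens: dict = field(default_factory=dict)
    # blog contents: blog name -> list of posts
    posts: dict = field(default_factory=dict)

    def render_view(self, blog):
        """Issue (or reuse) the secret token embedded in this view's pages."""
        self.tokens.setdefault(blog, secrets.token_hex(16))
        self.posts.setdefault(blog, [])
        return self.tokens[blog]

    def identify_view(self, request):
        """Return the originating view, or None if it cannot be identified."""
        token = request.get("token")
        if token is not None:
            for view, issued in self.tokens.items():
                if hmac.compare_digest(issued, token):
                    return view
            return None  # unknown token: do not fall back to anything weaker
        referer = request.get("referer")
        if referer:
            # Assumed layout: view for blog 'b' is served from b.isolate.x.com
            host = urlparse(referer).hostname or ""
            if host.endswith(".isolate.x.com"):
                return host[: -len(".isolate.x.com")]
        return None  # no token, no usable Referer

    def modify_blog(self, request, target_blog, new_post):
        """The narrow interface every modifying request passes through."""
        view = self.identify_view(request)
        if view is None:
            return False  # cannot identify the view: deny
        if view != target_blog:
            return False  # a view may only modify its own blog
        self.posts.setdefault(target_blog, []).append(new_post)
        return True
```

A worm script running inside Samy's view still carries the visiting user's cookie, but its requests are identified as coming from Samy's view and so cannot write into the visitor's blog.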

Slide 16 – View isolation for proxy
- Isolating views at the client side: the same as Implementation One.
- (Figure: request content.x.com/y.php; isolate.x.com