Establishing browser security guarantees through formal shim verification

Proceedings of the 21st USENIX Security Symposium

Volumn , Issue , 2012, Pages 113-128

  Jang, Dongseok ^a   Tatlock, Zachary ^a   Lerner, Sorin ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

SPECIFICATIONS;

BROWSER SECURITY; NON INTERFERENCE; PRIVATE DATA; SECURITY PROPERTIES; UNDERLYING SYSTEMS;

WEB BROWSERS;

EID: 84901643478     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (44)

1. http://gallium.inria.fr/~dargaye/mlcompcert.html.
2. Chrome security hall of fame. http://dev.chromium.org/Home/chromium-security/hall-of-fame.
3. Public suffix list. http://publicsuffix.org/.
4. Pwn2own. http://en.wikipedia.org/wiki/Pwn2Own.
5. AKHAWE, D., BARTH, A., LAMY, P. E., MITCHELL, J., AND SONG, D. Towards a formal foundation of web security. In Proceedings of CSF 2010 (July 2010), M. Backes and A. Myers, Eds., IEEE Computer Society, pp. 290–304.
6. ANSEL, J., MARCHENKO, P., ERLINGSSON, Ú., TAYLOR, E., CHEN, B., SCHUFF, D. L., SEHR, D., BIFFLE, C., AND YEE, B. Language-independent sandboxing of just-in-time compilation and self-modifying code. In PLDI (2011), pp. 355–366.
7. BALL, T., MAJUMDAR, R., MILLSTEIN, T., AND RAJAMANI, S. K. Automatic predicate abstraction of C programs. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation (Snowbird, Utah, June 2001).
8. BARTH, A., JACKSON, C., AND MITCHELL, J. C. Robust defenses for cross-site request forgery. In ACM Conference on Computer and Communications Security (2008), pp. 75–88.
9. BARTH, A., JACKSON, C., AND MITCHELL, J. C. Robust defenses for cross-site request forgery. In To appear at the 15th ACM Conference on Computer and Communications Security (CCS 2008) (2008).
10. BARTH, A., JACKSON, C., REIS, C., AND THE GOOGLE CHROME TEAM. The security architecture of the Chromium browser. Tech. rep., Google, 2008.
11. BOHANNON, A., PIERCE, B. C., SJÖBERG, V., WEIRICH, S., AND ZDANCEWIC, S. Reactive noninterference. In Proceedings of the 16th ACM conference on Computer and communications security (2009).
12. CHEN, E. Y., BAU, J., REIS, C., BARTH, A., AND JACKSON, C. App isolation: get the security of multiple browsers with just one. In Proceedings of the 18th ACM conference on Computer and communications security (2011).
13. CHEN, S., MESEGUER, J., SASSE, R., WANG, H. J., AND MIN WANG, Y. A systematic approach to uncover security flaws in GUI logic. In IEEE Symposium on Security and Privacy (2007).
14. CHUGH, R., MEISTER, J. A., JHALA, R., AND LERNER, S. Staged information flow for javascript. In PLDI (2009).
15. COOK, B., PODELSKI, A., AND RYBALCHENKO, A. Terminator: Beyond safety. In CAV (2006).
16. DAS, M., LERNER, S., AND SEIGLE, M. ESP: Path-sensitive program verification in polynomial time. In PLDI (2002).
17. GRIER, C., TANG, S., AND KING, S. T. Secure web browsing with the OP web browser. In IEEE Symposium on Security and Privacy (2008).
18. HENZINGER, T. A., JHALA, R., MAJUMDAR, R., AND SUTRE, G. Lazy abstraction. In POPL (2002).
19. HOWELL, J., JACKSON, C., WANG, H. J., AND FAN, X. MashupOS: operating system abstractions for client mashups. In HotOS (2007).
20. HUANG, L.-S., WEINBERG, Z., EVANS, C., AND JACKSON, C. Protecting browsers from cross-origin css attacks. In ACM Conference on Computer and Communications Security (2010), pp. 619–629.
21. JACKSON, C., AND BARTH, A. Beware of finer-grained origins. In In Web 2.0 Security and Privacy (W2SP 2008) (May 2008).
22. JACKSON, C., BARTH, A., BORTZ, A., SHAO, W., AND BONEH, D. Protecting browsers from dns rebinding attacks. In ACM Conference on Computer and Communications Security (2007), pp. 421–431.
23. JANG, D., JHALA, R., LERNER, S., AND SHACHAM, H. An empirical study of privacy-violating information flows in JavaScript Web applications. In Proceedings of the ACM Conference Computer and Communications Security (CCS) (2010).
24. JANG, D., TATLOCK, Z., AND LERNER, S. Establishing browser security guarantees through formal shim verification. Tech. rep., UC San Diego, 2012.
25. JANG, D., VENKATARAMAN, A., SAWKA, G. M., AND SHACHAM, H. Analyzing the cross-domain policies of flash applications. In In Web 2.0 Security and Privacy (W2SP 2011) (May 2011).
26. JIM, T., SWAMY, N., AND HICKS, M. Defeating script injection attacks with browser-enforced embedded policies. In WWW (2007), pp. 601–610.
27. KLEIN, G., ELPHINSTONE, K., HEISER, G., ANDRONICK, J., COCK, D., DERRIN, P., ELKADUWE, D., ENGELHARDT, K., KOLANSKI, R., NORRISH, M., SEWELL, T., TUCH, H., AND WINWOOD, S. seL4: formal verification of an OS kernel. In SOSP (2009).
28. LEROY, X. Formal certification of a compiler back-end, or: programming a compiler with a proof assistant. In PLDI (2006).
29. MALECHA, G., MORRISETT, G., SHINNAR, A., AND WISNESKY, R. Toward a verified relational database management system. In POPL (2010).
30. MALECHA, G., MORRISETT, G., AND WISNESKY, R. Trace-based verification of imperative programs with I/O. J. Symb. Comput. 46 (February 2011), 95–118.
31. MICKENS, J., AND DHAWAN, M. Atlantis: robust, extensible execution environments for web applications. In SOSP (2011), pp. 217–231.
32. MORRISETT, G., TAN, G., TASSAROTTI, J., TRISTAN, J.-B., AND GAN, E. Rocksalt: Better, faster, stronger sfi for the x86. In PLDI (2012).
33. NANEVSKI, A., MORRISETT, G., AND BIRKEDAL, L. Polymorphism and separation in Hoare type theory. In ICFP (2006).
34. NANEVSKI, A., MORRISETT, G., SHINNAR, A., GOVEREAU, P., AND BIRKEDAL, L. Ynot: Dependent types for imperative programs. In ICFP (2008).
35. PROVOS, N., FRIEDL, M., AND HONEYMAN, P. Preventing privilege escalation. In Proceedings of the 12th conference on USENIX Security Symposium - Volume 12 (2003), USENIX Association.
36. RATANAWORABHAN, P., LIVSHITS, V. B., AND ZORN, B. G. Nozzle: A defense against heap-spraying code injection attacks. In USENIX Security Symposium (2009), pp. 169–186.
37. RUDERMAN, J. The same origin policy, 2001. http://www.mozilla.org/projects/security/ components/same-origin.html.
38. SAXENA, P., AKHAWE, D., HANNA, S., MAO, F., MCCAMANT, S., AND SONG, D. A symbolic execution framework for javascript. In IEEE Symposium on Security and Privacy (2010), pp. 513–528.
39. SINGH, K., MOSHCHUK, A., WANG, H. J., AND LEE, W. On the incoherencies in web browser access control policies. In IEEE Symposium on Security and Privacy (2010), pp. 463–478.
40. STAMM, S., STERNE, B., AND MARKHAM, G. Reining in the web with content security policy. In Proceedings of the 19th international conference on World wide web (2010), WWW’10, pp. 921–930.
41. TANG, S., MAI, H., AND KING, S. T. Trust and protection in the illinois browser operating system. In OSDI (2010), pp. 17–32.
42. WANG, H. J., GRIER, C., MOSHCHUK, A., KING, S. T., CHOUDHURY, P., AND VENTER, H. The multi-principal OS construction of the gazelle web browser. Tech. Rep. MSR-TR-2009-16, MSR, 2009.
43. YANG, X., CHEN, Y., EIDE, E., AND REGEHR, J. Finding and understanding bugs in C compilers. In PLDI (2011).
44. YU, D., CHANDER, A., ISLAM, N., AND SERIKOV, I. Javascript instrumentation for browser security. In POPL (2007), pp. 237–249.