BrowserShield
- 1 September 2007
- journal article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on the Web
- Vol. 1 (3), 11
- https://doi.org/10.1145/1281480.1281481
Abstract
Vulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield [Wang et al. 2004]. In this article, we take Shield's vision to a new domain, inspecting and cleansing not just static content, but also dynamic content. The dynamic content we target is the dynamic HTML in Web pages, which have become a popular vector for attacks. The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at runtime. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at runtime. The rewritten pages contain logic for recursively applying runtime checks to dynamically generated or modified web content, based on known vulnerabilities. We have built and evaluated BrowserShield , a general framework that performs this dynamic instrumentation of embedded scripts, and that admits policies for customized runtime actions like vulnerability-driven filtering. We also explore other applications on top of BrowserShield.Keywords
This publication has 14 references indexed in Scilit:
- Defeating script injection attacks with browser-enforced embedded policiesPublished by Association for Computing Machinery (ACM) ,2007
- JavaScript instrumentation for browser securityPublished by Association for Computing Machinery (ACM) ,2007
- Detecting past and present intrusions through vulnerability-specific predicatesPublished by Association for Computing Machinery (ACM) ,2005
- ShieldPublished by Association for Computing Machinery (ACM) ,2004
- Windows of vulnerability: a case study analysisComputer, 2000
- Design and implementation of a distributed virtual machine for networked computersPublished by Association for Computing Machinery (ACM) ,1999
- SASI enforcement of security policiesPublished by Association for Computing Machinery (ACM) ,1999
- The structure and performance of interpretersPublished by Association for Computing Machinery (ACM) ,1996
- Efficient software-based fault isolationPublished by Association for Computing Machinery (ACM) ,1993
- Interposition agentsPublished by Association for Computing Machinery (ACM) ,1993