Rethinking Security of Web-Based System Applications

Abstract

Many modern desktop and mobile platforms, including Ubuntu, Google Chrome, Windows, and Firefox OS, support so called Web-based system applications that run outside the Web browser and enjoy direct access to native objects such as files, camera, and ge-olocation. We show that the access-control models of these plat-forms are (a) incompatible and (b) prone to unintended delega-tion of native-access rights: when applications request native ac-cess for their own code, they unintentionally enable it for untrusted third-party code, too. This enables malicious ads and other third-party content to steal users ’ OAuth authentication credentials, ac-cess camera on their devices, etc. We then design, implement, and evaluate POWERGATE, a new access-control mechanism for Web-based system applications. It solves two key problems plaguing all existing platforms: security and consistency. First, unlike the existing platforms, POWERGATE correctly protects native objects from unauthorized access. Second, POWERGATE provides uniform access-control semantics across all platforms and is 100 % backward compatible. POWERGATE en-ables application developers to write well-defined native-object ac-cess policies with explicit principals such as “application’s own lo-cal code ” and “third-party Web code, ” is easy to configure, and incurs negligible performance overhead