4 research outputs found

    Architectural Vulnerabilities in Plug-and-Play Systems

    Plug-and-play architectures enhance systems’ extensibility by providing a framework that enables additional functionalities to be added or removed from the system at their runtime. Such frameworks are often implemented through a set of well-defined interfaces that form the extension points for the pluggable functionalities. However, the plug-ins can increase the application’s attack surface or introduce untrusted behavior into the system. Designing a secure plug-and-play architecture is critical and non-trivial as the features provided by plug-ins are not known in advance. In this paper, we conduct an in-depth study of seven systems with plug-and-play architectures. In total, we have analyzed 3,183 vulnerabilities from Chromium, Thunderbird, Firefox, Pidgin, WordPress, Apache OfBiz, and OpenMRS whose core architecture is based on a plug-and-play approach. We have also identified the common security vulnerabilities related to the plug-and-play architectures, and mechanisms to mitigate them by following a grounded theory approach. We found a total of 303 vulnerabilities that are rooted in extensibility design decisions. We also observed that these plugin-related vulnerabilities were caused by 15 different types of problems. We present these 15 types of security issues observed in the case studies and the design mechanisms that could prevent such vulnerabilities. Finally, as a result of this study, we have used formal modeling in order to guide developers of plug and play systems in verifying that their architectures are free of many of these types of security issues.

    Crowdsourcing-Based Engineering of Web Augmentation Artifacts

    This doctoral thesis proposes, from an engineering standpoint, involving all actors (end users, developers, website owners) in the process of building Web Augmentation artifacts by end users. That is, through a process based on crowdsourcing its activities, the crowd of users is given the possibility of delegating to the crowd itself various activities ranging from the elicitation and definition of augmentation requirements to the construction, testing, distribution and maintenance of the resulting Web Augmentation artifacts, within a process that provides for the integration of the actors and, fundamentally, of the augmentation artifacts with the augmented websites. This process was named CrowdMock. CrowdMock actively involves website owners as well as developers and end users of the augmentation artifacts. The crowd of users will be able to discover and define their own requirements, using tools provided for that purpose, while users with programming skills (the developers) will be able to complete the initial definitions of the augmentation artifacts that are originally derived from the requirements. Website owners will have the opportunity to certify/approve these augmentation artifacts, in order to finally distribute them to all users who browse those sites, giving them the opportunity to run them and even become actively involved in their maintenance with respect to DEOI (DOM Element Of Interest) references that might fail during use. Facultad de Informátic

    Configurable and Sound Static Analysis of JavaScript: Techniques and Applications

    JavaScript is widespread. Web developers use JavaScript to enrich user experience via dynamic content ranging from scripts to enhance a web page's appearance, to full-blown web applications, to extending the functionality of web browsers in the form of browser addons. Desktop developers use JavaScript, e.g., for OS applications in Windows 8. JavaScript's growing prominence means that secure, correct, and fast JavaScript code is becoming ever more critical. Static analysis traditionally plays a large role in providing these characteristics: it can be used for security auditing, error-checking, debugging, optimization, and program refactoring, among other uses. Thus, a sound, precise static analysis platform for JavaScript can be of enormous advantage. In this thesis, we present our work on creating a sound, precise, configurable and fast static analysis for JavaScript called JSAI that we have made openly available to the research community. JSAI is both a practical tool for JavaScript static analysis and also a research platform for experimenting with static analysis techniques. JSAI showcases a number of novel techniques to soundly compute a combination of type inference, pointer analysis, control-flow analysis, string analysis, and integer and boolean constant propagation for JavaScript programs. It also provides a unique method for modularly configuring analysis precision that is based on fundamental new insights into the theory of static analysis. We describe precision-increasing techniques for the analysis using type refinement; and performance-increasing techniques for the analysis based on parallelization of JSAI. As an example use-case for JSAI, we discuss a novel security analysis for JavaScript-based browser addon vetting.

    An Analysis of the Mozilla Jetpack Extension Framework

    Abstract. The Jetpack framework is Mozilla’s newly-introduced extension development technology. Motivated primarily by the need to improve how scriptable extensions (also called addons in Firefox parlance) are developed, the Jetpack framework structures addons as a collection of modules. Modules are isolated from each other, and communicate with other modules via cleanly-defined interfaces. Jetpack also recommends that each module satisfy the principle of least authority (POLA). The overall goal of the Jetpack framework is to ensure that the effects of any vulnerabilities are contained within a module. Its modular structure also facilitates code reuse across addons. In this paper, we study the extent to which the Jetpack framework achieves its goals. Specifically, we use static analysis to study capability leaks in Jetpack modules and addons. We implemented Beacon, a static analysis tool to identify the leaks and used it to analyze 77 core modules from the Jetpack framework and another 359 Jetpack addons. In total, Beacon analyzed over 600 Jetpack modules and detected 12 capability leaks in 4 core modules and another 24 capability leaks in 7 Jetpack addons. Beacon also detected 10 over-privileged core modules. We have shared the details with Mozilla who have acknowledged our findings.