15 research outputs found

    User-Behavior Based Detection of Infection Onset

    A major vector of computer infection is through exploiting software or design flaws in networked applications such as the browser. Malicious code can be fetched and executed on a victim’s machine without the user’s permission, as in drive-by download (DBD) attacks. In this paper, we describe a new tool called DeWare for detecting the onset of infection delivered through vulnerable applications. DeWare explores and enforces causal relationships between computer-related human behaviors and system properties, such as file-system access and process execution. Our tool can be used to provide real time protection of a personal computer, as well as for diagnosing and evaluating untrusted websites for forensic purposes. Besides the concrete DBD detection solution, we also formally define causal relationships between user actions and system events on a host. Identifying and enforcing correct causal relationships have important applications in realizing advanced and secure operating systems. We perform extensive experimental evaluation, including a user study with 21 participants, thousands of legitimate websites (for testing false alarms), as well as 84 malicious websites in the wild. Our results show that DeWare is able to correctly distinguish legitimate download events from unauthorized system events with a low false positive rate (< 1%).

    Web Service Mashup Middleware with Partitioning of XML Pipelines

    Fine-Grained Access Control for HTML5-Based Mobile Applications in Android

    HTML5-based mobile applications are becoming more and more popular because they can run on different platforms. Several newly introduced mobile OS natively support HTML5-based applications. For those that do not provide native support, such as Android, iOS, and Windows Phone, developers can develop HTML5-based applications using middlewares, such as PhoneGap [17]. In these platforms, programs are loaded into a web component, called WebView, which can render HTML5 pages and execute JavaScript code. In order for the program to access the system resources, which are isolated from the content inside WebView due to its sandbox, bridges need to be built between JavaScript and the native code (e.g. Java code in Android). Unfortunately, such bridges break the existing protection that was originally built into WebView. In this paper, we study the potential risks of HTML5-based applications, and investigate how the existing mobile systems' access control supports these applications. We focus on Android and the PhoneGap middleware. However, our ideas can be applied to other platforms. Our studies indicate that Android does not provide an adequate access control for this kind of applications. We propose a fine-grained access control mechanism for the bridge in Android system. We have implemented our scheme in Android and have evaluated its effectiveness and performance.

    How to run POSIX apps in a minimal picoprocess

    We envision a future where Web, mobile, and desktop applications are delivered as isolated, complete software stacks to a minimal, secure client host. This shift imbues app vendors with full autonomy to maintain their apps' integrity. Achieving this goal requires shifting complex behavior out of the client platform and into the vendors' isolated apps. We ported rich, interactive POSIX apps, such as Gimp and Inkscape, to a spartan host platform. We describe this effort in sufficient detail to support reproducibility.

    How to run POSIX apps in a minimal picoprocess

    We envision a future where Web, mobile, and desktop applications are delivered as isolated, complete software stacks to a minimal, secure client host. This shift imbues app vendors with full autonomy to maintain their apps' integrity. Achieving this goal requires shifting complexity out of the client platform and replacing the required behavior inside the vendors' isolated apps. We ported rich, interactive POSIX apps, such as Gimp and Inkscape, to a spartan host platform. We describe this effort in sufficient detail to support reproducibility.

    Automated security testing of web widget interactions

    Block-scoped access restriction technique for HTML content in web browsers

    Web sites, web browsers, web site authors, web component authors, and end users interact in a complicated environment with many recognized and unrecognized trust relationships. The web browser is the arena in which many important trust relationships interact, thus it bears a considerable burden in protecting the interests and security of web end users as well as web site authors. Existing proposals, draft standards, implemented features, and web application techniques go a long way towards allowing rich and compelling content interactions, but they do not provide for rich, mutually-distrusting content to be safely embedded in a single page. This proposal suggests a declarative policy mechanism that permits untrusted content to be safely embedded in a web site while still retaining some richness. It also suggests a policy integration approach to allow multiple cooperative (but not necessarily trusting) parties to provide components of a policy that combine together in a safe manner. It incorporates techniques including fine-grained and coarse-grained permission dropping and white-listing protections for retained capabilities. Finally, the proposed concepts are applied to a number of real-world CVE vulnerabilities, and it is explained how the proposal does or does not prevent or mitigate the attack. The solution is shown to be effective against cross-style-scripting style attacks, and to not be effective at preventing incoming cross-site request forgery attacks

    Speeding Up Mobile Browsers without Infrastructure Support

    Mobile browsers are known to be slow. We characterize the performance of mobile browsers and find out that resource loading is the bottleneck. Leveraging an unprecedented set of web usage data collected from 24 iPhone users continuously over one year, we examine the three fundamental, orthogonal approaches to improve resource loading without infrastructure support: caching, prefetching, and speculative loading, which is first proposed and studied in this work. Speculative loading predicts and speculatively loads the subresources needed to open a webpage once its URL is given. We show that while caching and prefetching are highly limited for mobile browsing, speculative loading can be significantly more effective. Empirically, we show that client-only solutions can improve the browser speed by 1.4 seconds on average. We also report the design, realization, and evaluation of speculative loading in a WebKit-based browser called Tempo. On average, Tempo can reduce browser delay by 1 second (~20%)

    Mashic compiler: Mashup sandboxing based on inter-frame communication

    Mashups are a prevailing kind of web applications integrating external gadget APIs often written in the JavaScript programming language. Writing secure mashups is a challenging task due to the heterogeneity of existing gadget APIs, the privileges granted to gadgets during mashup executions, and JavaScript's highly dynamic environment. We propose a new compiler, called Mashic, for the automatic generation of secure JavaScript-based mashups from existing mashup code. The Mashic compiler can effortlessly be applied to existing mashups based on a wide range of gadget APIs. It offers security and correctness guarantees. Security is achieved via the Same Origin Policy. Correctness is ensured in the presence of benign gadgets, that satisfy confidentiality and integrity constraints with regard to the integrator code. The compiler has been successfully applied to real world mashups based on Google maps, Bing maps, YouTube, and Zwibbler APIs.