The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites
Post on 22-Feb-2016
The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites
Sooel Son and Vitaly Shmatikov
The University of Texas at Austin
20th NDSS Symposium (February 2013)
A Seminar at Advanced Defense Lab
Introduction
- Web browsers isolate content based on its origin.
  - same origin policy
- Popular sites often include third-party content.
  - advertisements
  - buttons for social recommendations
  - …
- They need to communicate with each other.
2013/3/25
HTML5
- HTML5 includes the postMessage facility that enables a script to send a message to a window regardless of their respective origins.
postMessage
- Sender (may be invoked by third-party script)
  - window.postMessage(message, targetOrigin [, transfer ])
  - The browser uses targetOrigin to verify the window
Message Event
- The event listener may be registered by third-party script
- Some message event object members
  - data
  - origin
    - The sender's origin
  - source
    - It represents the WindowProxy of the browsing context of the Window object from which the message came
Two Problems about postMessage
- Senders need to specify targetOrigin
  - Barth et al. USENIX Security 2008
- Receivers need to verify event.origin
  - This paper
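
The two checks named on this slide, sketched as an added example (not code from the slides or the paper): the receiver compares event.origin against an exact allowlist, and the reply names a concrete targetOrigin instead of "*". The substring check is included only for contrast; the origins and the names TRUSTED_ORIGINS, makeMessageListener, handle and simulate are assumptions made for illustration.

```javascript
// Added example: receiver-side origin check for a "message" event handler.
// The origins below are constructed placeholders, not taken from the slides.
const TRUSTED_ORIGINS = new Set(["https://widgets.example.com"]);

// Weak check shown for contrast: substring matching accepts any origin
// that merely contains the trusted host name.
function looseOriginCheck(origin) {
  return origin.indexOf("widgets.example.com") !== -1;
}

// Strict check: event.origin is a serialized scheme://host[:port] string,
// so exact comparison against an allowlist is sufficient.
function strictOriginCheck(origin) {
  return TRUSTED_ORIGINS.has(origin);
}

// Builds a listener suitable for window.addEventListener("message", ...).
// handle(data) is a hypothetical application callback that returns a reply.
function makeMessageListener(handle) {
  return function onMessage(event) {
    if (!strictOriginCheck(event.origin)) {
      return false; // drop messages from unverified senders
    }
    const reply = handle(event.data);
    // Sender side: name the exact target origin instead of "*", so the
    // browser delivers the reply only if the window still has that origin.
    event.source.postMessage(reply, event.origin);
    return true;
  };
}

// Constructed events with a stub window so the logic runs outside a browser.
function simulate(origin) {
  const sent = [];
  const source = { postMessage: (msg, target) => sent.push({ msg, target }) };
  const listener = makeMessageListener((data) => "ack:" + data);
  const accepted = listener({ data: "hello", origin, source });
  return { accepted, sent };
}

// In a browser: window.addEventListener("message", makeMessageListener(fn));
```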