protecting browsers from extension vulnerabilities
DESCRIPTION
NDSS 2010 Adam Barth, University of California, Berkeley Adrienne Porter Felt , University of California, Berkeley Prateek Saxena , University of California, Berkeley Aaron Boodman , Google,Inc . Protecting Browsers from Extension Vulnerabilities. 張逸文. Outline. Introduction - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/1.jpg)
張逸文
PROTECTING BROWSERS FROM EXTENSION VULNERABILITIES
NDSS 2010Adam Barth, University of California, BerkeleyAdrienne Porter Felt , University of California, BerkeleyPrateek Saxena , University of California, BerkeleyAaron Boodman, Google,Inc.
![Page 2: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/2.jpg)
2 OUTLINE
Introduction
Firefox Extension System
Google Chrome Extension System
Performance
Conclusion
![Page 3: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/3.jpg)
3 OUTLINE
Introduction
Extensions
Benign-but-buggy Extensions
Firefox Extension System
Google Chrome Extension System
Performance
Conclusion
![Page 4: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/4.jpg)
4 INTRODUCTION
1/3 of Firefox users run at least 1 extension
Extend, modify and control browser behavior
Provide rich functionality and add features
Browser extensions differ from browser plug-ins
Extensions -- 使用瀏覽器的擴充介面,用來加強或增加瀏覽器功能的小程式 Plug-ins -- 使用 Netscape提供的 NPAPI為介面,提供跨瀏覽器協力支援的程式。
![Page 5: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/5.jpg)
5 INTRODUCTION
Benign-but-buggy extensions
Extensions aren’t written by security experts
Extensions interact extensively with web sites
Firefox extensions run with the browser’s full privileges
An attacker can usurp the extension’s broad privileges
![Page 6: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/6.jpg)
6 INTRODUCTION
Attacking Example
R. S. Liverani and N. Freeman, “Abusing Firefox Extensions”, Defcon17, July 2009
install a remote desktop server on the user’s machine
![Page 7: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/7.jpg)
7 OUTLINE
Introduction
Firefox Extension System
Attacks on Extensions
Limiting Firefox Extension Privileges
Google Chrome Extension System
Performance
Conclusion
![Page 8: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/8.jpg)
8FIREFOX EXTENSION
SYSTEM
Attacks on Extensions
1. Cross-site Scripting
2. Replacing Native APIs
3. JavaScript Capability Leaks
4. Mixed Content
Firefox extensions
High privilege
Rich interaction with distrusted web content
![Page 9: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/9.jpg)
9FIREFOX EXTENSION
SYSTEM
Limiting Firefox Extension Privileges ??
Review 25 Firefox extensions from the 13 categories
Behavior: How much privilege does an extension need?
Implementation: How much privilege does an extension receive?
![Page 10: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/10.jpg)
10FIREFOX EXTENSION
SYSTEM
Firefox Security Severity Ratings:
Critical
High
Medium
Low
None
![Page 11: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/11.jpg)
11FIREFOX EXTENSION
SYSTEM
Result
Only 3 need critical privileges
The other 22 extensions exhibit a privilege gap
![Page 12: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/12.jpg)
12FIREFOX EXTENSION
SYSTEM
Use the same interfaces
![Page 13: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/13.jpg)
13FIREFOX EXTENSION
SYSTEM
![Page 14: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/14.jpg)
14 OUTLINE
Introduction
Firefox Extension System
Google Chrome Extension System
Least privilege
Privilege separation
Strong isolation
Performance
Conclusion
![Page 15: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/15.jpg)
15GOOGLE CHROME
EXTENSION SYSTEM
Least privilege Explicitly requested in the extension’s manifest Developers define privileges in manifest
Execute Arbitrary Code
Web Site Access
API Access
![Page 16: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/16.jpg)
16GOOGLE CHROME
EXTENSION SYSTEM
![Page 17: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/17.jpg)
17GOOGLE CHROME
EXTENSION SYSTEM
Privilege separation
![Page 18: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/18.jpg)
18GOOGLE CHROME
EXTENSION SYSTEM
Isolation Mechanisms
Extension identity -- a public key in the extension’s URL
Process Isolation -- run in different processes
Isolated Worlds -- own JavaScript objects
![Page 19: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/19.jpg)
19GOOGLE CHROME
EXTENSION SYSTEM
![Page 20: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/20.jpg)
20 OUTLINE
Introduction
Firefox Extension System
Google Chrome Extension System
Performance
Conclusion
![Page 21: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/21.jpg)
21 PERFORMANCE
Inter-component communication Round-trip latency between content script & extension
core: 0.8 ms
Isolated Worlds Mechanism
Add 33.3% overhead
![Page 22: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/22.jpg)
22 OUTLINE
Introduction
Firefox Extension System
Google Chrome Extension System
Performance
Conclusion
![Page 23: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/23.jpg)
23 CONCLUSION
Firefox extension system
Extensions are over-privileged
API needs to be tamed for least privilege
New extension system for Google Chrome
Developer encouraged to request few privileges
Extensions have a reduced attack surface
![Page 24: Protecting Browsers from Extension Vulnerabilities](https://reader036.vdocuments.site/reader036/viewer/2022062501/5681682f550346895dddd467/html5/thumbnails/24.jpg)
24 動動腦 ~
一日,私塾裡大家都在讀經…只有家家東張西望
老師問家家 :妳為什麼不念呢 ?
因為家家有本難念的經