The Postman Always Rings Twice: Attacking and Defending postMessage in HTML5 Websites
Sooel Son and Vitaly Shmatikov
The University of Texas at Austin
20th NDSS Symposium (February 2013)
A Seminar at Advanced Defense Lab

Introduction
- Web browsers isolate content based on its origin.
  - same origin policy
- Popular sites often include third-party content.
  - advertisements
  - buttons for social recommendations
  - …
- They need to communicate with each other.
2013/3/25

HTML5
- HTML5 includes the postMessage facility that enables a script to send a message to a window regardless of their respective origins. [link]

postMessage
- Sender (may be invoked by third-party script)
  - window.postMessage(message, targetOrigin [, transfer ])
- The browser uses targetOrigin to verify the target window

Message Event
- The event listener may be registered by third-party script
- Some message event object members
  - data
  - origin
    - The sender’s origin
  - source
    - It represents the WindowProxy of the browsing context of the Window object from which the message came

Two Problems about postMessage
- Senders need to specify targetOrigin
  - Barth et al. USENIX Security 2008
- Receivers need to verify event.origin
  - This paper
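
The two checks named on this slide, as an added example that is not from the paper or the original slides: the sender names an exact targetOrigin, and the receiver compares event.origin against an exact-match allowlist before using event.data. The origins and the names TRUSTED_ORIGINS, sendTo and makeReceiver are assumptions made for illustration.

```javascript
// Added example (not from the slides). Origins are constructed placeholders.
// An origin is scheme + host + port, so the comparison must be an exact match.
const TRUSTED_ORIGINS = new Set([
  "https://widget.example",
  "https://ads.example",
]);

// Sender side: name the intended recipient origin explicitly, never "*".
// The browser delivers the message only if the target window's origin
// matches targetOrigin.
function sendTo(targetWindow, message, targetOrigin) {
  if (targetOrigin === "*" || !TRUSTED_ORIGINS.has(targetOrigin)) {
    throw new Error("refusing to post to unlisted targetOrigin: " + targetOrigin);
  }
  targetWindow.postMessage(message, targetOrigin);
}

// Receiver side: check event.origin before touching event.data.
// Returns true if the message was accepted and passed to onTrusted.
function makeReceiver(onTrusted) {
  return function onMessage(event) {
    const origin = event.origin;
    if (typeof origin !== "string" || !TRUSTED_ORIGINS.has(origin)) {
      return false; // drop: unknown sender, do not read data or reply to source
    }
    onTrusted(event.data, origin, event.source);
    return true;
  };
}

// Browser wiring; skipped when the file is run outside a browser.
if (typeof window !== "undefined" && typeof window.addEventListener === "function") {
  window.addEventListener("message", makeReceiver((data, origin) => {
    console.log("accepted message from", origin, data);
  }));
}
```

Because the listener may be registered by a third-party script, each registered listener needs its own origin check; one checked handler does not protect the others.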