Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense
Cached
Download Links
- [www.adambarth.com]
- [www.adambarth.org]
- [www.usenix.org]
- [www.eecs.berkeley.edu]
- [nslab.kaist.ac.kr]
- [www.usenix.org]
- [www.cs.berkeley.edu]
- [www.cs.berkeley.edu]
- [www.usenix.org]
- [www.usenix.org]
- [www.usenix.org]
- [www.usenix.org]
- [static.usenix.org]
- [static.usenix.org]
- [www.joelweinberger.us:443]
- [pdg.lbl.gov]
| Citations: | 27 - 4 self |
BibTeX
@MISC{Barth_cross-originjavascript,
author = {Adam Barth and Joel Weinberger and Dawn Song},
title = {Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense},
year = {}
}
Share
 |
 |
 |
 |
||
OpenURL
Abstract
We identify a class of Web browser implementation vulnerabilities, cross-origin JavaScript capability leaks, which occur when the browser leaks a JavaScript pointer from one security origin to another. We devise an algorithm for detecting these vulnerabilities by monitoring the “points-to ” relation of the JavaScript heap. Our algorithm finds a number of new vulnerabilities in the opensource WebKit browser engine used by Safari. We propose an approach to mitigate this class of vulnerabilities by adding access control checks to browser JavaScript engines. These access control checks are backwardscompatible because they do not alter semantics of the Web platform. Through an application of the inline cache, we implement these checks with an overhead of 1–2 % on industry-standard benchmarks. 1
Keyphrases
cross-origin javascript capability leak implementation vulnerability javascript pointer industry-standard benchmark points-to relation javascript heap access control new vulnerability javascript engine web platform security origin inline cache opensource webkit browser engine access control check
