BrowserShield: vulnerability-driven filtering of dynamic HTML

Authors: Opher Dubrovsky, Saher Esmeir, John Dunagan, Helen J. Wang, Charles Reis

DOI: 10.5555/1298455.1298462

Keywords: Exploit, Web page, Programming language, Scripting language, Dynamic web page, Static web page, Dynamic HTML, Client-side scripting, Computer science, Web content

Abstract: Vulnerability-driven filtering of network data can offer a fast and easy-to-deploy alternative or intermediary to software patching, as exemplified in Shield [43]. In this paper, we take Shield's vision to a new domain, inspecting and cleansing not just static content, but also dynamic content. The dynamic content we target is the dynamic HTML in web pages, which have become a popular vector for attacks. The key challenge in filtering dynamic HTML is that it is undecidable to statically determine whether an embedded script will exploit the browser at run-time. We avoid this undecidability problem by rewriting web pages and any embedded scripts into safe equivalents, inserting checks so that the filtering is done at run-time. The rewritten pages contain logic for recursively applying run-time checks to dynamically generated or modified web content, based on known vulnerabilities. We have built and evaluated BrowserShield, a system that performs this dynamic instrumentation of embedded scripts, and that admits policies for customized run-time actions like vulnerability-driven filtering.

References (30)
Eric A. Brewer, David Wagner, Ian Goldberg, Randi Thomas. A secure environment for untrusted helper applications: confining the Wily Hacker. USENIX Security Symposium, pp. 1-1 (1996)
Brad Karp, Hyang-Ah Kim. Autograph: toward automated, distributed worm signature detection. USENIX Security Symposium, pp. 19-19 (2004)
David Mazières, Eric Freudenthal, Michael J. Freedman. Democratizing content publication with Coral. Networked Systems Design and Implementation, pp. 18-18 (2004)
Tal Garfinkel. Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools. Network and Distributed System Security Symposium (2003)
Ilya Bagrak, Gautam Altekar, Paul Burstein, Andrew Schultz. OPUS: online patches and updates for security. USENIX Security Symposium, pp. 19-19 (2005)
David Martin, Andrew Schulman. Deanonymizing Users of the SafeWeb Anonymizing Service. USENIX Security Symposium, pp. 123-137 (2002)
Cristian Estan, George Varghese, Stefan Savage, Sumeet Singh. Automated worm fingerprinting. Operating Systems Design and Implementation, pp. 4-4 (2004)
Tal Garfinkel, Mendel Rosenblum, Ben Pfaff. Ostia: A Delegating Architecture for Secure System Call Interposition. Network and Distributed System Security Symposium (2004)
Alec Wolman, Dennis Lee, Geoff Voelker, Wayne Wong, Brad Chen, Ted Romer, Hank Levy, Brian Bershad. Instrumentation and optimization of Win32/Intel executables using Etch. USENIX Windows NT Workshop, pp. 1-1 (1997)
J. McHugh, W.L. Fithen, W.A. Arbaugh. Windows of vulnerability: a case study analysis. IEEE Computer, vol. 33, pp. 52-59 (2000). DOI: 10.1109/2.889093