JSProxy: Safety from JavaScript
Benjamin Prosnitz, Tang Yi, Yinzhi Cao
Motivation
•Most web attacks today are performed through JavaScript
  ▫Vulnerabilities in the execution engine
  ▫Invocations of vulnerable plug-in code
Goals
•Run JavaScript code remotely in a way that
  ▫Does not require client modification
  ▫Is high performance
  ▫Maintains original functionality
•Test whether the JavaScript code performs an attack
•Filter code when it can be done safely
[Slide annotation: Future]
Running JavaScript Remotely
•Modify pages viewed by client
  ▫Replace original scripts with remote calls (AJAX)
•Repeat the user’s actions on the server
•Send changes made by scripts that should be visible to the user back to client
Diagram of System
[Figure: system diagram. Labelled components: Web Server; Proxy; Proxy Interface; Modification Engine; Session Manager; Interface; JavaScript Execution Engine (modified browser); User]
Timeline of Events
[Figure: timeline (t) with lanes Client, Proxy and Server. Labelled events: Request for page; Original Page; Modified Page; Button Pressed; remote_call(); Inject button press; Changes to page; Changes to page (it is really asynchronous)]
DEMO: Page Modification
•Uses Mozilla Gecko engine
•Searches for JavaScript and replaces it with calls (which will eventually be remote calls)
•Suggest a URL to download and modify!
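The page-modification step from "Running JavaScript Remotely" and this demo, as an added example that is not code from the talk. It is a simplified string-based rewriter (the demo uses the Gecko engine); `modifyPage`, `leftoverCode`, the `cN` ids and the sample page are assumptions, and only `remote_call` is a name taken from the timeline slide.

```javascript
// Added example. Constructed sample page; names other than remote_call are hypothetical.
const SAMPLE = `<html><head><script src="/lib.js"></script>
<script>var count = 0;</script></head>
<body><button onclick="count++; show(count)">Add</button>
<a href="javascript:show(0)">Reset</a></body></html>`;

function modifyPage(html) {
  const table = new Map(); // proxy side only: id -> original code
  const stash = (entry) => {
    const id = 'c' + table.size;
    table.set(id, entry);
    return id;
  };
  // <script> elements, inline or external, become a stub.
  let out = html.replace(/<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi, (m, attrs, body) => {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    const id = stash(src ? { kind: 'external', src: src[1] } : { kind: 'inline', code: body });
    return `<script>remote_call("${id}")</script>`;
  });
  // Quoted inline event handlers (onclick=..., onload=...) become a stub.
  out = out.replace(/(\son[a-z]+\s*=\s*)(?:"([^"]*)"|'([^']*)')/gi, (m, pre, dq, sq) => {
    const id = stash({ kind: 'handler', code: dq !== undefined ? dq : sq });
    return `${pre}"remote_call('${id}')"`;
  });
  return { html: out, table };
}

// Fail-closed check: anything still able to run script on the client that is not a stub.
function leftoverCode(html) {
  const found = [];
  for (const m of html.matchAll(/<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi)) {
    if (m[1].trim() || !/^remote_call\("c\d+"\)$/.test(m[2])) found.push(m[0]);
  }
  for (const m of html.matchAll(/\son[a-z]+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi)) {
    if (!/^"remote_call\('c\d+'\)"$/.test(m[1])) found.push(m[0].trim());
  }
  for (const m of html.matchAll(/\b(?:href|src)\s*=\s*["']?\s*javascript:[^"'>]*/gi)) {
    found.push(m[0]);
  }
  return found;
}
```

On the sample, `leftoverCode(modifyPage(SAMPLE).html)` still reports the `javascript:` link, which this rewriter does not handle; a proxy would hold the page back or fall back to a full parser rather than forward it.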
Performance of Page Modification
CDF of Processing Time
Performance of Page Modification
Strong correlation between Page Size and Processing Time
Performance of Page Modification
Processing Time is not clearly correlated with Number of Scripts
Interface and Session Management
•Client-server interface using JavaScript/AJAX and FastCGI/C++ (not being demoed today)
•Session manager which
  ▫Identifies sessions that are alive and dead
  ▫Redirects calls to the correct browser session
  ▫Closes browser sessions which have ended
DEMO: Executing JavaScript on Proxy
•Browser on Proxy is WebKit-based
•Remote execution of JavaScript code would occur when user performs an action
DEMO: User-Visible Change Detection
•Also based on WebKit
•Can detect approximately 8 different changes now
  ▫.innerHTML changes
  ▫alert()
  ▫print()
  ▫close()
  ▫…
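A sketch of user-visible change detection for the four changes named on this slide, as an added example that is not code from the talk. `runAndRecord`, `applyChanges`, the change-record shape and the sample handler are assumptions; plain objects stand in for the proxy's browser and the client page.

```javascript
// Added example. `new Function` only shadows names; it is not isolation.
// The talk's proxy runs scripts inside a modified WebKit browser instead.
function runAndRecord(code, elements) {
  const changes = []; // ordered list the proxy would send back to the client
  const record = (type, detail) => { changes.push({ type, ...detail }); };
  const wrap = (id) => ({
    get innerHTML() { return elements[id]; },
    set innerHTML(v) {
      elements[id] = String(v);
      record('innerHTML', { id, value: elements[id] });
    },
  });
  const document = { getElementById: (id) => (id in elements ? wrap(id) : null) };
  const window = {
    document,
    alert: (msg) => record('alert', { message: String(msg) }),
    print: () => record('print', {}),
    close: () => record('close', {}),
  };
  let error = null;
  try {
    new Function('window', 'document', 'alert', 'print', 'close', code)(
      window, document, window.alert, window.print, window.close);
  } catch (e) {
    error = String(e.message); // changes made before the failure are still reported
  }
  return { changes, error };
}

// Client side: replay the recorded changes on the page the user sees.
function applyChanges(changes, page) {
  for (const c of changes) {
    if (c.type === 'innerHTML') page.elements[c.id] = c.value;
    else page.shown.push(c.type === 'alert' ? 'alert: ' + c.message : c.type);
  }
  return page;
}

// Constructed handler, as it might be stored on the proxy for a button press.
const HANDLER = `var el = document.getElementById('out');
el.innerHTML = Number(el.innerHTML) + 1;
alert('count is ' + el.innerHTML);
window.close();`;
```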
Where is state (cookies, etc.) kept?
•On both client and proxy
  ▫Proxy needs it to have JavaScript (esp. AJAX) work as expected
  ▫Client needs it to submit forms, display the data, etc.
Future Work: Remote Execution
•Create session manager
•Finalize interface
•Detect and fix cases that it doesn’t work with
Future Work: The Filter
•Acquire or implement a virtual-machine based vulnerability detector
•Determine how to safely identify which pages to run remotely
•Implement a mechanism to transparently switch between remote and local page execution
Conclusion
•Work on our system is in progress and will continue next quarter
•Key components of the remote execution system are currently functional and work well
•The remainder of the remote execution system can likely be finished soon
Q&A?