Virtual browser: a virtualized browser to sandbox third-party JavaScripts with enhanced security
Yinzhi Cao, Zhichun Li, Vaibhav Rastogi, Yan Chen, Xitao Wen
Published in: Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...
Publication date: 2012-05-02
DOI: https://doi.org/10.1145/2414456.2414460
Citations: 25
Abstract
Third-party JavaScripts not only offer much richer features to the web and its applications but also introduce new threats. These scripts cannot be completely trusted and executed with the privileges given to host web sites. Due to incomplete virtualization and lack of tracking of all the data flows, all existing approaches without native sandbox support can secure only a subset of third-party JavaScripts, and they are vulnerable to attacks encoded in non-standard HTML/JavaScript (browser quirks), as these approaches parse third-party JavaScripts independently on the server side without considering client-side non-standard parsing quirks. At the same time, native sandboxes are vulnerable to attacks based on unknown native JavaScript engine bugs.
In this paper, we propose Virtual Browser, a full browser-level virtualized environment within existing browsers for executing untrusted third-party code. Our approach supports more complete JavaScript language features, including hard-to-secure functions such as with and eval. Since Virtual Browser does not rely on native browser parsing behavior, there is no possibility of attacks being executed through browser quirks. Moreover, given that the third-party JavaScripts are running in Virtual Browser instead of native browsers, it is harder for attackers to exploit unknown vulnerabilities in the native JavaScript engine. In our design, we first completely isolate Virtual Browser from the native browser components and then introduce communication by adding data flows carefully examined for security. The evaluation of the Virtual Browser prototype shows that our execution speed is the same as Microsoft Web Sandbox [5], a state-of-the-art runtime web-level sandbox. In addition, Virtual Browser is more secure and supports more complete JavaScript for third-party JavaScript development.