Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...最新文献
Due to the high popularity of Cross-Site Scripting (XSS) attacks, most major browsers now include or support filters to protect against reflected XSS attacks. Internet Explorer and Google Chrome provide built-in filters, while Firefox supports extensions that provide this functionality. However, these filters all have limitations.
{"title":"Protection, usability and improvements in reflected XSS filters","authors":"Riccardo Pelizzi, R. Sekar","doi":"10.1145/2414456.2414458","DOIUrl":"https://doi.org/10.1145/2414456.2414458","url":null,"abstract":"Due to the high popularity of Cross-Site Scripting (XSS) attacks, most major browsers now include or support filters to protect against reflected XSS attacks. Internet Explorer and Google Chrome provide built-in filters, while Firefox supports extensions that provide this functionality. However, these filters all have limitations.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87791022","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Deduplication is a technique used to reduce the amount of storage needed by service providers. It is based on the intuition that several users may want (for different reasons) to store the same content. Hence, storing a single copy of these files is sufficient. Albeit simple in theory, the implementation of this concept introduces many security risks. In this paper we address the most severe one: an adversary (who possesses only a fraction of the original file, or even just partially colluding with a rightful owner) claiming to possess such a file. The paper's contributions are manifold: first, we introduce a novel Proof of Ownership (POW) scheme that has all features of the state-of-the-art solution while incurring only a fraction of the overhead experienced by the competitor; second, the security of the proposed mechanisms relies on information theoretical (combinatoric) rather than computational assumptions; we also propose viable optimization techniques that further improve the scheme's performance. Finally, the quality of our proposal is supported by extensive benchmarking.
{"title":"Boosting efficiency and security in proof of ownership for deduplication","authors":"R. D. Pietro, A. Sorniotti","doi":"10.1145/2414456.2414504","DOIUrl":"https://doi.org/10.1145/2414456.2414504","url":null,"abstract":"Deduplication is a technique used to reduce the amount of storage needed by service providers. It is based on the intuition that several users may want (for different reasons) to store the same content. Hence, storing a single copy of these files is sufficient. Albeit simple in theory, the implementation of this concept introduces many security risks. In this paper we address the most severe one: an adversary (who possesses only a fraction of the original file, or even just partially colluding with a rightful owner) claiming to possess such a file. The paper's contributions are manifold: first, we introduce a novel Proof of Ownership (POW) scheme that has all features of the state-of-the-art solution while incurring only a fraction of the overhead experienced by the competitor; second, the security of the proposed mechanisms relies on information theoretical (combinatoric) rather than computational assumptions; we also propose viable optimization techniques that further improve the scheme's performance. Finally, the quality of our proposal is supported by extensive benchmarking.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81316811","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We introduce the notion of forgery-resilience for digital signature schemes, a new paradigm exhibiting desirable legislative properties. It evolves around the idea that, for any message, there can only be a unique valid signature, and exponentially many acceptable signatures, all but one of them being spurious. This primitive enables a judge to verify whether an alleged forged signature is indeed a forgery. In particular, the scheme considers an adversary who has access to a signing oracle and an oracle that solves a "hard" problem, and who tries to produce a signature that appears to be acceptable from a verifier's point of view. However, a judge can tell apart such a spurious signature from a legitimate signature. This property is referred to as validatibility. Moreover, the scheme provides undeniability against malicious signers who try to fabricate spurious signatures and deny them later by showing that they are not valid. Last but not least, trustability refers to the inability of a malicious judge trying to forge a valid signature. This notion for signature schemes improves upon the notion of fail-stop signatures in different ways. For example, it is possible to sign more than one messages with forgery-resilient signatures and once a forgery is found, the credibility of a previously signed signature is not under question. A concrete instance of a forgery-resilient signature scheme is constructed based on the hardness of extracting roots of higher residues, which we show to be equivalent to the factoring assumption. In particular, using collision-free accumulators, we present a tight reduction from malicious signers to adversaries against the factoring problem. Meanwhile, a secure pseudorandom function ensures that no polynomially-bounded cheating verifier, who can still solve hard problems, is able to forge valid signatures. Security against malicious judges is based on the RSA assumption.
{"title":"Forgery-resilience for digital signature schemes","authors":"Atefeh Mashatan, Khaled Ouafi","doi":"10.1145/2414456.2414469","DOIUrl":"https://doi.org/10.1145/2414456.2414469","url":null,"abstract":"We introduce the notion of forgery-resilience for digital signature schemes, a new paradigm exhibiting desirable legislative properties. It evolves around the idea that, for any message, there can only be a unique valid signature, and exponentially many acceptable signatures, all but one of them being spurious.\u0000 This primitive enables a judge to verify whether an alleged forged signature is indeed a forgery. In particular, the scheme considers an adversary who has access to a signing oracle and an oracle that solves a \"hard\" problem, and who tries to produce a signature that appears to be acceptable from a verifier's point of view. However, a judge can tell apart such a spurious signature from a legitimate signature. This property is referred to as validatibility. Moreover, the scheme provides undeniability against malicious signers who try to fabricate spurious signatures and deny them later by showing that they are not valid. Last but not least, trustability refers to the inability of a malicious judge trying to forge a valid signature.\u0000 This notion for signature schemes improves upon the notion of fail-stop signatures in different ways. For example, it is possible to sign more than one messages with forgery-resilient signatures and once a forgery is found, the credibility of a previously signed signature is not under question.\u0000 A concrete instance of a forgery-resilient signature scheme is constructed based on the hardness of extracting roots of higher residues, which we show to be equivalent to the factoring assumption. In particular, using collision-free accumulators, we present a tight reduction from malicious signers to adversaries against the factoring problem. Meanwhile, a secure pseudorandom function ensures that no polynomially-bounded cheating verifier, who can still solve hard problems, is able to forge valid signatures. Security against malicious judges is based on the RSA assumption.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79884747","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Joel Reardon, Claudio Marforio, Srdjan Capkun, D. Basin
Deleting a file from a storage medium serves two purposes: it reclaims storage resources and ensures that any sensitive information contained in the file becomes inaccessible. When done for the latter purpose, it is critical that the file is securely deleted, meaning that its content does not persist on the storage medium after deletion. Secure deletion is the act of deleting data from a storage medium such that the data is afterwards irrecoverable from the storage medium. The time between deleting data and it becoming irrecoverable is called the deletion latency.
{"title":"User-level secure deletion on log-structured file systems","authors":"Joel Reardon, Claudio Marforio, Srdjan Capkun, D. Basin","doi":"10.1145/2414456.2414493","DOIUrl":"https://doi.org/10.1145/2414456.2414493","url":null,"abstract":"Deleting a file from a storage medium serves two purposes: it reclaims storage resources and ensures that any sensitive information contained in the file becomes inaccessible. When done for the latter purpose, it is critical that the file is securely deleted, meaning that its content does not persist on the storage medium after deletion. Secure deletion is the act of deleting data from a storage medium such that the data is afterwards irrecoverable from the storage medium. The time between deleting data and it becoming irrecoverable is called the deletion latency.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83829237","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We take a closer look at keyboard acoustic emanations specifically for the purpose of eavesdropping over random passwords. In this scenario, dictionary and HMM language models are not applicable; the attacker can only utilize the raw acoustic information which has been recorded. We investigate several existing signal processing techniques for our purpose, and introduce a novel technique -- time-frequency decoding -- that improves the detection accuracy compared to previous techniques. We also carefully examine the effect of typing style -- a crucial variable largely ignored by prior research -- on the detection accuracy. Our results show that using the same typing style (hunt and peck) for both training and decoding the data, the best case success rate for detecting correctly the typed key is 64% per character. The results also show that changing the typing style, to touch typing, during the decoding stage reduces the success rate, but using the time-frequency technique, we can still achieve a success rate of around 40% per character. Our work takes the keyboard acoustic attack one step further, bringing it closer to a full-fledged vulnerability under realistic scenarios (different typing styles and random passwords). Our results suggest that while the performance of these attacks degrades under such conditions, it is still possible, utilizing the time-frequency technique, to considerably reduce the exhaustive search complexity of retrieving a random password.
我们仔细研究键盘声发射,专门用于窃听随机密码。在这个场景中,字典和HMM语言模型不适用;攻击者只能利用已记录的原始声学信息。为了达到我们的目的,我们研究了几种现有的信号处理技术,并引入了一种新的技术——时频解码——与以前的技术相比,它提高了检测精度。我们还仔细检查了打字风格对检测准确性的影响——这是一个在很大程度上被先前研究忽略的关键变量。我们的结果表明,使用相同的输入风格(hunt and peck)来训练和解码数据,正确检测输入键的最佳案例成功率为每个字符64%。结果还表明,在解码阶段,将打字风格改为触摸打字会降低成功率,但使用时频技术,我们仍然可以实现每个字符40%左右的成功率。我们的工作将键盘声学攻击向前推进了一步,使其更接近于现实场景下(不同的打字风格和随机密码)的成熟漏洞。我们的研究结果表明,虽然这些攻击的性能在这种条件下会下降,但利用时间-频率技术仍然有可能大大降低检索随机密码的穷举搜索复杂性。
{"title":"A closer look at keyboard acoustic emanations: random passwords, typing styles and decoding techniques","authors":"Tzipora Halevi, Nitesh Saxena","doi":"10.1145/2414456.2414509","DOIUrl":"https://doi.org/10.1145/2414456.2414509","url":null,"abstract":"We take a closer look at keyboard acoustic emanations specifically for the purpose of eavesdropping over random passwords. In this scenario, dictionary and HMM language models are not applicable; the attacker can only utilize the raw acoustic information which has been recorded. We investigate several existing signal processing techniques for our purpose, and introduce a novel technique -- time-frequency decoding -- that improves the detection accuracy compared to previous techniques. We also carefully examine the effect of typing style -- a crucial variable largely ignored by prior research -- on the detection accuracy. Our results show that using the same typing style (hunt and peck) for both training and decoding the data, the best case success rate for detecting correctly the typed key is 64% per character. The results also show that changing the typing style, to touch typing, during the decoding stage reduces the success rate, but using the time-frequency technique, we can still achieve a success rate of around 40% per character.\u0000 Our work takes the keyboard acoustic attack one step further, bringing it closer to a full-fledged vulnerability under realistic scenarios (different typing styles and random passwords). Our results suggest that while the performance of these attacks degrades under such conditions, it is still possible, utilizing the time-frequency technique, to considerably reduce the exhaustive search complexity of retrieving a random password.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79529586","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Aziz Mohaisen, Huy Tran, Nicholas Hopper, Yongdae Kim
Many graphs in general, and social graphs in particular, are directed by nature. However, applications built on top of social networks, including Sybil defenses, information routing and dissemination, and anonymous communication require mutual relationships which produce undirected graphs. When undirected graphs are used as testing tools for these applications to bring insight on their usability and potential deployment, directed graphs are converted into undirected graphs by omitting edge directions or by augmenting graphs. Unfortunately, it is unclear how altering these graphs affects the quality of their mixing time. Motivated by the lack of prior work on this problem, we investigate mathematical tools for measuring the mixing time of directed social graphs and its associated error bounds. We use these tools to measure the mixing time of several benchmarking directed graphs and their undirected counterparts. We then measure how this difference impacts two applications built on top of social networks: a Sybil defense mechanism and an anonymous communication system.
{"title":"On the mixing time of directed social graphs and security implications","authors":"Aziz Mohaisen, Huy Tran, Nicholas Hopper, Yongdae Kim","doi":"10.1145/2414456.2414476","DOIUrl":"https://doi.org/10.1145/2414456.2414476","url":null,"abstract":"Many graphs in general, and social graphs in particular, are directed by nature. However, applications built on top of social networks, including Sybil defenses, information routing and dissemination, and anonymous communication require mutual relationships which produce undirected graphs. When undirected graphs are used as testing tools for these applications to bring insight on their usability and potential deployment, directed graphs are converted into undirected graphs by omitting edge directions or by augmenting graphs. Unfortunately, it is unclear how altering these graphs affects the quality of their mixing time. Motivated by the lack of prior work on this problem, we investigate mathematical tools for measuring the mixing time of directed social graphs and its associated error bounds. We use these tools to measure the mixing time of several benchmarking directed graphs and their undirected counterparts. We then measure how this difference impacts two applications built on top of social networks: a Sybil defense mechanism and an anonymous communication system.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"72955676","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we introduce a new time-memory-data trade-off attack which can perform better than existing ones by Biryukov-Shamir (BS-TMD [1]), Hong-Sarkar (HS-TMD [8]) and Dunkelman-Keller (DK-TMD [5]). Current Estream ciphers are resistant to these attacks because the state size is too big for the BS-TMD attack, while the pre-processing is at least as expensive as exhaustive search for the HS-TMD and DK-TMD attacks.
{"title":"New time-memory-data trade-off attack on the estream finalists and modes of operation of block ciphers","authors":"Khoongming Khoo, C. H. Tan","doi":"10.1145/2414456.2414466","DOIUrl":"https://doi.org/10.1145/2414456.2414466","url":null,"abstract":"In this paper, we introduce a new time-memory-data trade-off attack which can perform better than existing ones by Biryukov-Shamir (BS-TMD [1]), Hong-Sarkar (HS-TMD [8]) and Dunkelman-Keller (DK-TMD [5]). Current Estream ciphers are resistant to these attacks because the state size is too big for the BS-TMD attack, while the pre-processing is at least as expensive as exhaustive search for the HS-TMD and DK-TMD attacks.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87413998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As protocol narrations are widely used to describe security protocols, efforts have been made to formalize or devise semantics for them. An important, but largely neglected, question is whether or not the formalism faithfully accounts for the attacker's view. Several attempts have been made in the literature to recover the attacker's view. They, however, are rather restricted in scope and quite complex. This greatly impedes the ability of protocol verification tools to detect intricate attacks. In this paper, we establish a faithful view of the attacker based on rigorous, yet intuitive, interpretations of exchanged messages. This gives us a new way to look at attacks and protocol implementations. Specifically, we identify two types of attacks that can be thawed through adjusting the protocol implementation; and show that such an ideal implementation does not always exist. Overall, the obtained attacker's view provides a path to more secure protocol designs and implementations.
{"title":"Towards the attacker's view of protocol narrations (or, how to compile security protocols)","authors":"Zhiwei Li, Weichao Wang","doi":"10.1145/2414456.2414481","DOIUrl":"https://doi.org/10.1145/2414456.2414481","url":null,"abstract":"As protocol narrations are widely used to describe security protocols, efforts have been made to formalize or devise semantics for them. An important, but largely neglected, question is whether or not the formalism faithfully accounts for the attacker's view. Several attempts have been made in the literature to recover the attacker's view. They, however, are rather restricted in scope and quite complex. This greatly impedes the ability of protocol verification tools to detect intricate attacks.\u0000 In this paper, we establish a faithful view of the attacker based on rigorous, yet intuitive, interpretations of exchanged messages. This gives us a new way to look at attacks and protocol implementations. Specifically, we identify two types of attacks that can be thawed through adjusting the protocol implementation; and show that such an ideal implementation does not always exist. Overall, the obtained attacker's view provides a path to more secure protocol designs and implementations.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"91465247","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Yinzhi Cao, Zhichun Li, Vaibhav Rastogi, Yan Chen, Xitao Wen
Third party JavaScripts not only offer much richer features to the web and its applications but also introduce new threats. These scripts cannot be completely trusted and executed with the privileges given to host web sites. Due to incomplete virtualization and lack of tracking all the data flows, all existing approaches without native sandbox support can secure only a subset of third party JavaScripts, and they are vulnerable to attacks encoded in non-standard HTML/-JavaScript (browser quirks) as these approaches will parse third party JavaScripts independently at server side without considering client-side non-standard parsing quirks. At the same time, native sandboxes are vulnerable to attacks based on unknown native JavaScript engine bugs. In this paper, we propose Virtual Browser, a full browser-level virtualized environment within existing browsers for executing untrusted third party code. Our approach supports more complete JavaScript language features including those hard-to-secure functions, such as with and eval. Since Virtual Browser does not rely on native browser parsing behavior, there is no possibility of attacks being executed through browser quirks. Moreover, given the third-party Javascripts are running in Virtual Browser instead of native browsers, it is harder for the attackers to exploit unknown vulnerabilities in the native JavaScript engine. In our design, we first completely isolate Virtual Browser from the native browser components and then introduce communication by adding data flows carefully examined for security. The evaluation of the Virtual Browser prototype shows that our execution speed is the same as Microsoft Web Sandbox[5], a state of the art runtime web-level sandbox. In addition, Virtual Browser is more secure and supports more complete JavaScript for third party JavaScript development.
第三方javascript不仅为web及其应用程序提供了更丰富的功能,而且还带来了新的威胁。这些脚本不能完全被信任,也不能用给予主机网站的特权来执行。由于不完整的虚拟化和缺乏对所有数据流的跟踪,所有没有原生沙箱支持的现有方法只能保护第三方javascript的一个子集,并且它们很容易受到以非标准HTML/-JavaScript编码的攻击(浏览器特性),因为这些方法将在服务器端独立解析第三方javascript,而不考虑客户端非标准解析特性。同时,本地沙箱容易受到基于未知本地JavaScript引擎漏洞的攻击。在本文中,我们提出了虚拟浏览器,这是一个在现有浏览器中执行不受信任的第三方代码的完整浏览器级虚拟化环境。我们的方法支持更完整的JavaScript语言特性,包括那些难以保护的函数,比如with和eval。由于虚拟浏览器不依赖于本地浏览器解析行为,因此不存在通过浏览器怪癖执行攻击的可能性。此外,由于第三方JavaScript在虚拟浏览器而不是本地浏览器中运行,攻击者很难利用本地JavaScript引擎中的未知漏洞。在我们的设计中,我们首先将虚拟浏览器与本地浏览器组件完全隔离,然后通过添加经过安全检查的数据流引入通信。对虚拟浏览器原型的评估表明,我们的执行速度与Microsoft Web Sandbox[5]相同,这是一种最先进的运行时Web级沙盒。此外,虚拟浏览器更安全,并支持更完整的JavaScript用于第三方JavaScript开发。
{"title":"Virtual browser: a virtualized browser to sandbox third-party JavaScripts with enhanced security","authors":"Yinzhi Cao, Zhichun Li, Vaibhav Rastogi, Yan Chen, Xitao Wen","doi":"10.1145/2414456.2414460","DOIUrl":"https://doi.org/10.1145/2414456.2414460","url":null,"abstract":"Third party JavaScripts not only offer much richer features to the web and its applications but also introduce new threats. These scripts cannot be completely trusted and executed with the privileges given to host web sites. Due to incomplete virtualization and lack of tracking all the data flows, all existing approaches without native sandbox support can secure only a subset of third party JavaScripts, and they are vulnerable to attacks encoded in non-standard HTML/-JavaScript (browser quirks) as these approaches will parse third party JavaScripts independently at server side without considering client-side non-standard parsing quirks. At the same time, native sandboxes are vulnerable to attacks based on unknown native JavaScript engine bugs.\u0000 In this paper, we propose Virtual Browser, a full browser-level virtualized environment within existing browsers for executing untrusted third party code. Our approach supports more complete JavaScript language features including those hard-to-secure functions, such as with and eval. Since Virtual Browser does not rely on native browser parsing behavior, there is no possibility of attacks being executed through browser quirks. Moreover, given the third-party Javascripts are running in Virtual Browser instead of native browsers, it is harder for the attackers to exploit unknown vulnerabilities in the native JavaScript engine. In our design, we first completely isolate Virtual Browser from the native browser components and then introduce communication by adding data flows carefully examined for security. The evaluation of the Virtual Browser prototype shows that our execution speed is the same as Microsoft Web Sandbox[5], a state of the art runtime web-level sandbox. In addition, Virtual Browser is more secure and supports more complete JavaScript for third party JavaScript development.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82323269","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Controlling spam remains a significant challenge. One primary cause of the spam problem is the way in which email addresses are typically used. To provide a fixed address at which they can be reached, most users treat their email IDs as permanent and only abandon them in rare circumstances. As a result, once a user's email address leaks to spammers, it is nearly impossible to entirely prevent them from sending messages to the user's inbox. Users usually has no recourse if they wish to retract the release of an email address to a certain party.
{"title":"Adaptive semi-private email aliases","authors":"Beng Heng Ng, Alexander Crowell, A. Prakash","doi":"10.1145/2414456.2414496","DOIUrl":"https://doi.org/10.1145/2414456.2414496","url":null,"abstract":"Controlling spam remains a significant challenge. One primary cause of the spam problem is the way in which email addresses are typically used. To provide a fixed address at which they can be reached, most users treat their email IDs as permanent and only abandon them in rare circumstances. As a result, once a user's email address leaks to spammers, it is nearly impossible to entirely prevent them from sending messages to the user's inbox. Users usually has no recourse if they wish to retract the release of an email address to a certain party.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79366205","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...