Publication

Featured research published by Tongbo Luo.


foundations and practice of security | 2012

Touchjacking attacks on web in android, iOS, and windows phone

Tongbo Luo; Xing Jin; Ajai Ananthanarayanan; Wenliang Du

To make it easy for applications to interact with the Web, most mobile platforms, including Android, iOS, and Windows Phone, provide a mechanism that allows applications to embed a small but powerful browser component inside. This mechanism is called WebView in Android (it has different names on other platforms). WebView implements a number of APIs that can be used by applications to interact with the web contents inside WebView. It has been pointed out by previous work that malicious applications can use these APIs to attack the web contents inside WebView. Proposals were made by the previous work to fix the problems of those APIs. We have discovered that even after fixing those APIs, WebView is still not secure. This is because the previous work only focuses on the APIs specifically designed for WebView; it has overlooked the APIs that WebView inherits from its superclasses. These APIs are designed for general-purpose user interface (UI) components, and they seem to pose no risk to those components; however, the combination of these APIs with the Web has led to new risks. We have identified several attacks based on these APIs. Our attacks are called Touchjacking attacks. They treat WebView as a black box, i.e., they do not use the APIs that are designed specifically for WebView; instead, they only use the inherited APIs. Through these APIs, malicious applications can attack the web contents inside WebView. The impact of the attacks is quite significant, as all the platforms that we have studied, including Android, iOS, and Windows Phone, are vulnerable to these attacks.


computer and communications security | 2010

Bureaucratic protocols for secure two-party sorting, selection, and permuting

Guan Wang; Tongbo Luo; Michael T. Goodrich; Wenliang Du; Zutao Zhu

In this paper, we introduce a framework for secure two-party (S2P) computations, which we call bureaucratic computing, and we demonstrate its efficiency by designing practical S2P computations for sorting, selection, and random permutation. In a nutshell, the main idea behind bureaucratic computing is to design data-oblivious algorithms that push all knowledge and influence of input values down to small black-box circuits, which are simulated using Yao's garbled-circuit paradigm. The practical benefit of this approach is that it maintains the zero-knowledge features of secure two-party computations while avoiding the significant computational overheads that come from trying to apply Yao's garbled-circuit paradigm to anything other than simple two-input functions.


trust and trustworthy computing | 2011

Contego: capability-based access control for web browsers

Tongbo Luo; Wenliang Du

Over the last two decades, the Web has significantly transformed our lives. Along with the increased activities on the Web come the attacks. A recent report shows that 83% of web sites have had at least one serious vulnerability. As the Web becomes more and more sophisticated, the number of vulnerable sites is unlikely to decrease. A fundamental cause of these vulnerabilities is the inadequacy of the browser's access control model in dealing with the features of today's Web. We need better access control models for browsers. Today's web pages behave more and more like a system, with dynamic elements interacting with one another within each web page. A well-designed access control model is needed to mediate these interactions to ensure security. The capability-based access control model has many properties that are desirable for the Web. This paper designs a capability-based access control model for web browsers. We demonstrate how such a model can be beneficial to the Web, and how common vulnerabilities can be easily prevented using this model. We have implemented this model in the Google Chrome browser.


trust and trustworthy computing | 2011

Contego: Capability-Based Access Control for Web Browsers (Short Paper)

Tongbo Luo; Wenliang Du

Over the last two decades, the Web has significantly transformed our lives. Along with the increased activities on the Web come the attacks. A recent report shows that 83% of web sites have had at least one serious vulnerability. As the Web becomes more and more sophisticated, the number of vulnerable sites is unlikely to decrease. A fundamental cause of these vulnerabilities is the inadequacy of the browser's access control model in dealing with the features of today's Web. We need better access control models for browsers. Today's web pages behave more and more like a system, with dynamic elements interacting with one another within each web page. A well-designed access control model is needed to mediate these interactions to ensure security. The capability-based access control model has many properties that are desirable for the Web. This paper designs a capability-based access control model for web browsers. We demonstrate how such a model can be beneficial to the Web, and how common vulnerabilities can be easily prevented using this model. We have implemented this model in the Google Chrome browser.


new security paradigms workshop | 2011

Position paper: why are there so many vulnerabilities in web applications?

Wenliang Du; Karthick Jayaraman; Xi Tan; Tongbo Luo; Steve J. Chapin

As the Web has become more and more ubiquitous, the number of attacks on web applications has increased substantially. According to a recent report, over 80 percent of web applications have had at least one serious vulnerability. This percentage is alarmingly higher than for traditional applications. Something must be fundamentally wrong in the web infrastructure. Based on our research, we have formulated the following position: when choosing the stateless framework for the Web, we ignored a number of security properties that are essential to applications. As a result, the Trusted Computing Base (TCB) of the Web has significant weaknesses. To build secure stateful applications on top of a weakened TCB, developers have to implement extra protection logic in their web applications, making development difficult and error prone, and thereby causing a number of security problems in web applications. In this paper, we present evidence, justification, and in-depth analysis to support this position.


symposium on access control models and technologies | 2012

SCUTA: a server-side access control system for web applications

Xi Tan; Wenliang Du; Tongbo Luo; Karthick Duraisamy Soundararaj

The Web is playing a very important role in our lives, and is becoming an essential element of the computing infrastructure. Unfortunately, its importance makes it the preferred target of attacks. Web-based vulnerabilities now outnumber traditional computer security concerns. A recent study shows that over 80 percent of web sites have had at least one serious vulnerability. We believe that the Web's problems, to a large degree, are caused by the inadequacy of its underlying access control systems. To reduce the number of vulnerabilities, it is essential to provide web applications with better access control models that can adequately address the protection needs of the current Web. As part of the effort to develop a better access control system for the Web, we focus on server-side access control in this paper. We introduce a new concept called subsession, based on which we have developed a ring-based access control system (called Scuta) for web servers. Scuta provides a fine-grained and backward-compatible access control mechanism for web applications. We have implemented Scuta in PHP, and have conducted comprehensive case studies to evaluate its benefits.


conference on data and application security and privacy | 2013

Mediums: visual integrity preserving framework

Tongbo Luo; Xing Jin; Wenliang Du

The UI redressing attack and its variations have spread across several platforms, from web browsers to mobile systems. We study the fundamental problem underneath such attacks, and formulate a generic model called the container threat model. We believe that the attacks are caused by the system's failure to preserve visual integrity. From this angle, we study the existing countermeasures and propose a generic approach, the Mediums framework, to develop a Trusted Display Base (TDB) to address this type of problem. We use a side channel to convey the lost visual information to users. From the access control perspective, we use the dynamic binding policy model to allow the server to enforce different restrictions based on different client-side scenarios.


annual computer security applications conference | 2011

Attacks on WebView in the Android system

Tongbo Luo; Hao Hao; Wenliang Du; Yifei Wang; Heng Yin


international conference on information security | 2013

Fine-Grained Access Control for HTML5-Based Mobile Applications in Android

Xing Jin; Lusha Wang; Tongbo Luo; Wenliang Du


arXiv: Cryptography and Security | 2014

Code Injection Attacks on HTML5-based Mobile Apps

Xing Jin; Tongbo Luo; Derek G. Tsui; Wenliang Du

Collaboration

Top Co-Authors

Xi Tan, Syracuse University

Guan Wang, University of Illinois at Chicago

Heng Yin, University of California