Carnegie Mellon University
Browse

Tainted Secure Multi-Execution to Restrict Attacker Influence

Download (1.14 MB)
Version 2 2023-09-07, 20:37
Version 1 2023-03-22, 20:54
report
posted on 2023-09-07, 20:37 authored by McKenna McCallMcKenna McCall, Abhishek Bichhawat, Limin JiaLimin Jia

Attackers can steal sensitive user information from web pages via third-party scripts. Prior work shows that secure multi-execution (SME) with declassification is useful for mitigating such attacks, but that attackers can leverage dynamic web features to declassify more than intended. The proposed solution of disallowing events from dynamic web elements to be declassified is too restrictive to be practical; websites that declassify events from dynamic elements cannot function correctly.


In this paper, we present SmeT, a new information flow monitor based on SME which uses taint tracking within each execution to remember what has been influenced by an attacker. The resulting monitor is more permissive than what was proposed by prior work and satisfies both knowledge- and influence-based definitions of security for confidentiality and integrity policies (respectively). We also show that robust declassification follows from our influence-based security condition, for free. Finally, we examine the performance impact of monitoring attacker influence with SME by implementing  SmeT on top of Featherweight Firefox.

History

Usage metrics

    Licence

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC