Scriptie/masterproef: Master's Thesis


Modern web applications all use JavaScript code. These scripts might be included from unknown third-party developers. Included scripts have ac- cess to the application its sensitive resources and might introduce security vulnerabilities. Access control techniques like SOP (Same-Origin Policy) or CSP (Content Security Policy) are used to enhance the security of a web application. The former only allows an included script to interact with web application if it comes from the same origin. The latter expresses security policies that state from which trusted sources a page can download resources from. However, these techniques can be bypassed and have weaknesses. To increase the security of web applications, these techniques should be comple- mented with application-level solutions.
There are application-level security mechanisms which are entirely written in JavaScript by means of meta programming. Because they are written in JavaScript, they are subject to attacks. One of the attacks is prototype poi- soning. Prototypes in JavaScript have inheritance, which means that objects inherit properties from their prototypes. Attackers can potentially manip- ulate an object its prototype to change or delete secured properties. This thesis focusses on handling these kinds of attacks without requiring VM mod- ifications while being transparent and tamper-proof.
We explore two strategies to protect application against prototype poisoning attacks. A first solution is to copy secured properties from the prototype to the base object, which prevents manipulation at the prototype level. A second solution is to freeze properties at the prototype level, preventing them from being changed or deleted. We prototype our solution in Guardia, which is an application-level security mechanism that uses security policies to con- trol access to resources.
To validate the correctness of these solutions, we conduct two experiments. One experiment is on a web application that does not use prototypes and is not vulnerable to these attacks. We adjust the source code to include prototypes for this. The other experiment is on another web application that has prototypes in its source code and is vulnerable to these attacks. We check if objects with prototypes that we secure cannot be attacked (i.e are tamper-proof) and if the security policies do not alter the application behaviour (i.e are transparent). We can conclude from these experiments that there is a transparency issue coming from one object but is related to the base Guardia implementation and not to our solution, hence our solution is both tamper-proof and transparent.
Datum Prijssep 2018
BegeleiderElisa Gonzalez Boix (Promotor), Angel Luis Scull Pupo (Advisor) & Jens Nicolay (Advisor)

Citeer dit