Abstract
Web 2.0 platforms are ubiquitously used to share content and personal information, which makes them an inviting and vulnerable target for hackers and phishers alike. In this paper, we discuss an emerging class of attacks, namely content repurposing attacks, which specifically target Web 2.0 sites that host user-uploaded content. This latent threat is poorly addressed, if at all, by current protection systems, both at the remote sites and at the client end. We design and develop an approach that protects against content repurposing attacks at the client end. As we show through a detailed evaluation, our solution promptly detects and stops various types of attacks and adds no overhead to the user's local machine or browser where it resides. Further, our approach is lightweight and does not invasively monitor all of the user's interactions with the browser, providing effective protection against these new and powerful attacks.
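The best-known content repurposing payload is the GIFAR: one file that is simultaneously a valid GIF image and a valid ZIP/JAR archive, so a site that accepts it as an image may later have it loaded as an applet. The following is an added example, not the DeCore system's code or the paper's method: a client-side filter that flags such polyglot uploads by checking the image magic against a trailing ZIP structure. The function names and the sample file are constructed here.

```python
"""Flag GIFAR-style polyglots: data that parses as a GIF and also as a ZIP/JAR.
Added example (hypothetical upload filter), not code from the DeCore paper."""
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
ZIP_EOCD = b"PK\x05\x06"  # ZIP end-of-central-directory signature


def looks_like_gif(data: bytes) -> bool:
    """Image parsers only look at the leading magic bytes."""
    return data[:6] in GIF_MAGICS


def embedded_zip_offset(data: bytes) -> int:
    """Offset of a ZIP end-of-central-directory record near the tail, or -1.
    ZIP readers scan backwards from the end of the file, so an archive glued
    after an image is still found and opened (this is what makes GIFAR work)."""
    idx = data.rfind(ZIP_EOCD, max(0, len(data) - 65557))  # 22-byte EOCD + max comment
    if idx == -1:
        return -1
    try:
        zipfile.ZipFile(io.BytesIO(data)).namelist()  # confirm the archive is readable
    except zipfile.BadZipFile:
        return -1
    return idx


def classify_upload(data: bytes) -> str:
    """Return 'gif', 'zip', 'polyglot' or 'other'; 'polyglot' should be rejected."""
    is_gif = looks_like_gif(data)
    has_zip = embedded_zip_offset(data) != -1
    if is_gif and has_zip:
        return "polyglot"
    if is_gif:
        return "gif"
    return "zip" if has_zip else "other"


def make_gifar() -> bytes:
    """Constructed sample: a minimal 1x1 GIF followed by a small JAR-like archive."""
    gif = (b"GIF89a" + struct.pack("<HH", 1, 1) + b"\x80\x00\x00"   # header + screen descriptor
           + b"\x00\x00\x00\xff\xff\xff"                              # 2-entry colour table
           + b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")  # image + trailer
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return gif + buf.getvalue()
```

Python's zipfile tolerates prepended data in the same way the Java archive loader does, which is exactly why the trailing archive is reachable.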
© 2010 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
Sundareswaran, S., Squicciarini, A.C. (2010). DeCore: Detecting Content Repurposing Attacks on Clients’ Systems. In: Jajodia, S., Zhou, J. (eds) Security and Privacy in Communication Networks. SecureComm 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 50. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16161-2_12
DOI: https://doi.org/10.1007/978-3-642-16161-2_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16160-5
Online ISBN: 978-3-642-16161-2