Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web最新文献

insecure:// Vulnerability Analysis of URI Scheme Handling in Android Mobile Browsers Android移动浏览器URI方案处理漏洞分析

Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web Pub Date : 1900-01-01 DOI: 10.14722/madweb.2022.23003

Abdulla Aldoseri, David F. Oswald

{"title":"insecure:// Vulnerability Analysis of URI Scheme Handling in Android Mobile Browsers","authors":"Abdulla Aldoseri, David F. Oswald","doi":"10.14722/madweb.2022.23003","DOIUrl":"https://doi.org/10.14722/madweb.2022.23003","url":null,"abstract":"—Uniform Resource Identiﬁer (URI) schemes instruct browsers to conduct speciﬁc actions depending on the requested scheme. Previous research has addressed numerous issues with web URI schemes (e.g., http: and https:) both for desktop and mobile browsers. Less attention has been paid to local schemes (e.g., data: and ﬁle:), speciﬁcally for mobile browsers. In this work, we examined the implementation of such schemes in Android OS browsers, analysing the top-15 mobile browsers. As a result, we discovered three vulnerability types that affect several major browsers (including Google Chrome, Opera and Samsung Inter-net). First, we demonstrate an URI sanitisation issue that leads to a cross-site scripting attack via the JavaScript scheme. The problem affects Chromium browsers including Chrome, Opera, Edge, and Vivaldi. Second, we found a display issue in Samsung Internet that allows abusing data URIs to impersonate origins and protocols, posing a threat in the context of phishing attacks. Finally, we discover a privilege escalation issue in Samsung’s Android OS, leading to full read and write access to the internal storage without user consent and bypassing the Android storage permission. While this issue was originally discovered in the ﬁle scheme of the Samsung browser, utilising a combination of static and dynamic analysis, we traced the problem back to an authorization issue in Knox Sensitive Data Protection SDK. We then show that any app can abuse this SDK to obtain full access to the internal storage without appropriate permission on Samsung devices running Android 10. We responsibly disclosed the vulnerabilities presented in this paper to the affected vendors, leading to four CVEs and security patches in Chrome, Opera and Samsung Internet browser.","PeriodicalId":424703,"journal":{"name":"Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129192486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 1

What the Fork? Finding and Analyzing Malware in GitHub Forks 什么叉子?查找和分析GitHub分叉中的恶意软件

Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web Pub Date : 1900-01-01 DOI: 10.14722/madweb.2022.23001

Alan Cao, Brendan Dolan-Gavitt

{"title":"What the Fork? Finding and Analyzing Malware in GitHub Forks","authors":"Alan Cao, Brendan Dolan-Gavitt","doi":"10.14722/madweb.2022.23001","DOIUrl":"https://doi.org/10.14722/madweb.2022.23001","url":null,"abstract":"static Abstract —On GitHub, open-source developers use the fork feature to create server-side clones and implement code changes separately before creating pull requests. However, such fork repositories can be abused to store and distribute malware, particularly malware that stealthily mines cryptocurrencies. In this paper, we present an analysis of this emerging attack vector and a system for catching malware in GitHub fork repositories with minimal human effort called Fork Integrity Analysis , implemented through a detection infrastructure called Fork Sentry. By automatically detecting and reverse engineering interesting artifacts extracted from a given repository’s forks, we can generate alerts for suspicious artifacts, and provide a means for takedown by GitHub Trust & Safety. We demonstrate the efficacy of our techniques by scanning 68,879 forks of 35 popular cryptocurrency repositories, leading to the discovery of 26 forked repositories that were hosting malware, and report them to GitHub with seven successful takedowns so far. Our detection infrastructure allows not only for the triaging and alerting of suspicious forks, but also provides continuous monitoring for later potential malicious forks. The code and collected data from Fork Sentry will be released as an open-source project.","PeriodicalId":424703,"journal":{"name":"Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114478996","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 7

P4DDPI: Securing P4-Programmable Data Plane Networks via DNS Deep Packet Inspection P4DDPI:通过DNS深度包检测保护p4可编程数据平面网络

Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web Pub Date : 1900-01-01 DOI: 10.14722/madweb.2022.23012

Ali AlSabeh, Elie F. Kfoury, J. Crichigno, E. Bou-Harb

{"title":"P4DDPI: Securing P4-Programmable Data Plane Networks via DNS Deep Packet Inspection","authors":"Ali AlSabeh, Elie F. Kfoury, J. Crichigno, E. Bou-Harb","doi":"10.14722/madweb.2022.23012","DOIUrl":"https://doi.org/10.14722/madweb.2022.23012","url":null,"abstract":"—One of the main roles of the Domain Name System (DNS) is to map domain names to IP addresses. Despite the importance of this function, DNS traffic often passes without being analyzed, thus making the DNS a center of attacks that keep evolving and growing. Software-based mitigation ap- proaches and dedicated state-of-the-art firewalls c a n become a bottleneck and are subject to saturation attacks, especially in high-speed networks. The emerging P4-programmable data plane can implement a variety of network security mitigation approaches at high-speed rates without disrupting legitimate traffic.This paper describes a system that relies on programmable switches and their stateful processing capabilities to parse and analyze DNS traffic solely in the data plane , and subsequently apply security policies on domains according to the network administrator. In particular, Deep Packet Inspection (DPI) is leveraged to extract the domain name consisting of any number of labels and hence, apply filtering rules (e.g., blocking malicious domains). Evaluation results show that the proposed approach can parse more domain labels than any state-of-the-art P4-based approach. Additionally, a significant performance gain is attained when comparing it to a traditional software firewall -pfsense-, in terms of throughput, delay, and packet loss. The resources occupied by the implemented P4 program are minimal, which allows for more security functionalities to be added.","PeriodicalId":424703,"journal":{"name":"Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126940386","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 6

Log4shell: Redefining the Web Attack Surface Log4shell:重新定义Web攻击面

Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web Pub Date : 1900-01-01 DOI: 10.14722/madweb.2022.23010

D. Everson, Long Cheng, Zhenkai Zhang

引用次数: 6

What Storage? An Empirical Analysis of Web Storage in the Wild 存储什么?野外网络存储的实证分析

Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web Pub Date : 1900-01-01 DOI: 10.14722/madweb.2022.23005

Zubair Ahmad, Samuele Casarin, Stefano Calzavara

引用次数: 0

Characterizing the Adoption of Security.txt Files and their Applications to Vulnerability Notification Security.txt文件的特性及其在漏洞通知中的应用

Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web Pub Date : 1900-01-01 DOI: 10.14722/madweb.2022.23014

W. Findlay, A. Abdou

{"title":"Characterizing the Adoption of Security.txt Files and their Applications to Vulnerability Notification","authors":"W. Findlay, A. Abdou","doi":"10.14722/madweb.2022.23014","DOIUrl":"https://doi.org/10.14722/madweb.2022.23014","url":null,"abstract":"—While security researchers are adept at discovering vulnerabilities and measuring their impact, disclosing vulnerabilities to affected stakeholders has traditionally been difficult. Beyond public notices such as CVEs, there have traditionally been few appropriate channels through which to directly communicate the nature and scope of a vulnerability to those directly impacted by it. Security.txt is a relatively new proposed standard that hopes to change this by defining a canonical file format and URI through which organizations can provide contact information for vulnerability disclosure. However, despite its favourable characteristics, limited studies have systematically analyzed how effective Security.txt might be for a widespread vulnerability notification c ampaign. I n t his p aper, w e p resent a large-scale study of Security.txt’s adoption over the top 1M popular domains according to the Tranco list. We measure specific f eatures of Security.txt files such as contact information, preferred language, and RFC version compliance. We then analyze these results to better understand how suitable the current Security.txt standard is for facilitating a large-scale vulnerability notification campaign, and make recommendations for improving future version of the standard.","PeriodicalId":424703,"journal":{"name":"Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126887301","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2