Web

WEB SECURITY CHALLENGES AND TRENDS

The field of Web security is in constant evolution, both in research and in practical deployment scenarios. At the end of this dissertation, we look into future research challenges within this field, as well as into currently observed trends in the state of practice.

THEORETICAL UNDERPINNINGS OF WEB SECURITY

Due to the complex nature and enormous size of the constantly evolving Web, security research is often of a very practical nature, for example, to understand the different ecosystems within the Web, or to develop and evaluate new mitigation techniques, as illustrated by the previous chapters of this dissertation. However, the prevalence of this practical line of research does not preempt the importance of more theoretical approaches to Web security, which employ formal modeling techniques or rigorous analysis methodologies to propose new, secure-by-design technologies or evaluate the security of currently proposed or deployed systems. Within this doctorate, we have gained experience with both approaches.

From the vast amount of specification text (more than 1,000 A4 pages), we distilled the functional capabilities offered by the specification, how the user is involved in the security model, and what implicit or explicit security and privacy assumptions are made by the specification. Based on this information, we have performed a rigorous threat assessment, focused on the threat models of a Web attacker and a gadget attacker. We have uncovered 51 security issues in total, of which we categorized 6 as severe, which included for example the possibility to tamper with a form using an HTML injection attack, or a violation of the semantic model of the Web by the CORS specification. The others could mainly be attributed to inconsistencies between the specifications, as well as to a lack of precision when specifying security requirements or features. Additionally, the study showed an increasing reliance on origin-based permission models, which not only puts the security responsibility on the user but also clashes with the lack of isolation between integrated scripts inside a page. Based on our experience with both tracks within the theoretical approaches towards Web security, we can make two important observations.

In a first observation, we acknowledge the importance of theoretical approaches for offering strong security guarantees, especially the formal verification of desired security properties and proposed security policies. However, the main challenge in successfully applying these approaches lies in overcoming the discrepancies between the formal model and the actual, practical implementations. Building a formal representation of certain aspects of the Web requires making the necessary abstractions, in order to make the modeling effort both feasible and scalable. Unfortunately, when going from theory to practice, the implementation will need to take care of the details that have been abstracted away, which often results in insecure or incomplete implementations. A common illustration of these difficulties can be found in the formal approaches towards JavaScript security, where some of the less-elegant language features are abstracted away by means of a well-defined subset. While making these abstractions is extremely useful in supporting the theoretical work on JavaScript security, it also represents the difficulty of applying such approaches in the real world.

In a second observation, we would like to stress the research value in performing security analysis on existing systems. The results of such a security analysis can be used to improve the security of these systems or to guide the development of alternative systems. One example is our security analysis of next-generation Web specifications, where amendments to the specifications have been made, based on the threats and issues that have been uncovered. Another example is Google Chrome’s add-on system, which was developed based on the results from an analysis of Mozilla Firefox’s add-on system. A second security analysis of the first add-on architecture of Google Chrome has led to additional security improvements, such as the mandatory enforcement of Content Security Policies on new add-ons.

President

The divine scriptures are God’s beacons to the world. Surely God offered His trust to the heavens and the earth, and the hills, but they shrank from bearing it and were afraid of it. And man undertook it.
Back to top button