
Module 5.4: Browser Isolation

This document discusses browser isolation through the use of frames and iframes. It explains that frames can isolate content from different sources by providing separate origins. Each frame has its own origin defined by the protocol, host, and port. A frame can only access data from its own origin for network requests, reading/writing the DOM, and storage like cookies. The document outlines the goals and mechanisms of the browser security policy for isolating frames, including same-origin policy and cross-origin communication techniques like postMessage.

Uploaded by

Harpreet Singh

Module 5.4: Browser Isolation
Frame and iFrame
Window may contain frames from different sources
Frame: rigid division as part of frameset
iFrame: floating inline frame
iFrame example
<iframe src="hello.html" width=450 height=100>
If you can see this, your browser doesn't understand IFRAME.
</iframe>

Why use frames?


Delegate screen area to content from another source
Browser provides isolation based on frames
Parent may work even if frame is broken

http://www.w3schools.com/tags/tryit.asp?
Windows Interact

Analogy
Operating system
Primitives: System calls, Processes, Disk
Principals: Users (discretionary access control)
Vulnerabilities: Buffer overflow, Root exploit

Web browser
Primitives: Document object model, Frames, Cookies / localStorage
Principals: Origins (mandatory access control)
Vulnerabilities: Cross-site scripting, Cross-site request forgery, Cache history attacks
Policy Goals
Safe to visit an evil web site

Safe to visit two pages at the same time


Address bar distinguishes them

Allow safe delegation


Browser security mechanism

Each frame of a page has an origin


Origin = protocol://host:port
Frame can access its own origin
Network access, Read/write DOM, Storage (cookies)
Frame cannot access data associated with a different origin
Components of browser security policy
Frame-Frame relationships
canScript(A,B)
Can Frame A execute a script that manipulates
arbitrary/nontrivial DOM elements of Frame B?
canNavigate(A,B)
Can Frame A change the origin of content for Frame B?
Frame-principal relationships
readCookie(A,S), writeCookie(A,S)
Can Frame A read/write cookies from site S?
See https://code.google.com/p/browsersec/wiki/Part1
https://code.google.com/p/browsersec/wiki/Part2
Library import excluded from SOP
<script src=https://seal.verisign.com/getseal?host_name=a.com></script>

VeriSign

Script has privileges of imported page, NOT source server.


Can script other pages in this origin, load more scripts
Other forms of importing
Domain Relaxation
[Figure: frames from www.facebook.com and chat.facebook.com, both relaxed to facebook.com]

Origin: scheme, host, (port), hasSetDomain


Try document.domain = document.domain
Additional mechanisms
[Figure: Site A and Site B, with a Site A context and a Site B context]

Cross-origin network requests

Access-Control-Allow-Origin: <list of domains>

Access-Control-Allow-Origin: *

Cross-origin client side communication

Client-side messaging via navigation (old browsers)

postMessage (modern browsers)


COMMUNICATION
window.postMessage
API for inter-frame communication
Supported in standard browsers

A network-like channel between frames


Add a contact

Share contacts
postMessage syntax
frames[0].postMessage("Attack at dawn!", "http://b.com/");

window.addEventListener("message", function (e) {
  if (e.origin == "http://a.com") {
    ... e.data ...
  }
}, false);

Attack at dawn!

Facebook Anecdote
Why include targetOrigin?
What goes wrong?
frames[0].postMessage("Attack at dawn!");

Messages sent to frames, not principals
When would this happen?
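
A small model of the delivery rule behind the two questions above, showing what happens to a message when the target frame has been navigated to another origin before the send. This is an added example, not part of the original slides; Frame, load, deliver and demo are illustrative names rather than browser APIs, and attacker.example is a placeholder origin.

```javascript
// Model of postMessage delivery. Frame, load and deliver are illustrative names,
// not browser APIs; a.com, b.com and attacker.example are placeholder origins.
class Frame {
  constructor(url, accepts) { this.load(url, accepts); }
  // Navigating a frame replaces its document: new origin, new message handler.
  load(url, accepts) {
    this.origin = new URL(url).origin;   // scheme://host[:port]
    this.accepts = accepts;              // receiver's check on e.origin
    this.received = [];
  }
  onMessage(e) {
    if (this.accepts(e.origin)) this.received.push(e.data);
  }
}

// Browser side: the message goes to whatever document is in the frame now,
// unless targetOrigin names an origin that document does not have.
function deliver(sender, target, data, targetOrigin) {
  const ok = targetOrigin === "*" ||
             new URL(targetOrigin).origin === target.origin;
  if (ok) target.onMessage({ data, origin: sender.origin });
  return ok;
}

function demo() {
  const parent = new Frame("http://a.com/", () => false);
  const onlyA = (origin) => origin === "http://a.com";
  const child = new Frame("http://b.com/widget", onlyA);

  // Receiver check: b.com ignores a sender that is not a.com.
  const stranger = new Frame("http://attacker.example/", () => false);
  deliver(stranger, child, "forged", "http://b.com/");
  const forgedAccepted = child.received.includes("forged");

  // The frame is navigated away; its handler now belongs to another origin.
  child.load("http://attacker.example/collect", () => true);
  const pinned = deliver(parent, child, "Attack at dawn!", "http://b.com/");
  const leakedWhenPinned = child.received.length > 0;
  const wildcard = deliver(parent, child, "Attack at dawn!", "*");
  const leakedWhenWildcard = child.received.includes("Attack at dawn!");
  return { forgedAccepted, pinned, leakedWhenPinned, wildcard, leakedWhenWildcard };
}

console.log(demo());
```

The sender-side targetOrigin and the receiver-side e.origin check cover different failures: the first keeps data from reaching the wrong document, the second keeps the handler from acting on a message from the wrong sender.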

NAVIGATION

A Guninski Attack

awglogin

window.open("https://attacker.com/", "awglogin");
What should the policy be?

Sibling
Frame Bust
Child
Descendant

Legacy Browser Behavior
Browser             Policy
IE 6 (default)      Permissive
IE 6 (option)       Child
IE7 (no Flash)      Descendant
IE7 (with Flash)    Permissive
Firefox 2           Window
Safari 3            Permissive
Opera 9             Window
HTML 5              Child
Window Policy Anomaly
top.frames[1].location = "http://www.attacker.com/...";
top.frames[2].location = "http://www.attacker.com/...";
...
Adoption of Descendant Policy
Browser             Policy
IE7 (no Flash)      Descendant
IE7 (with Flash)    Descendant
Firefox 3           Descendant
Safari 3            Descendant
Opera 9             (many policies)
HTML 5              Descendant
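
The four policy names in the tables above, modelled as canNavigate(A,B) over a frame tree so the cross-window and sibling cases can be compared side by side. This is an added example, not part of the original slides. The slides do not define the policies, so the definitions are assumed (Permissive: any frame; Window: any frame in the same window; Descendant: frames nested inside the navigator; Child: direct children only), makeFrame, topOf, isBelow, matrix and the frame names are constructed, and origin comparisons are left out.

```javascript
// Frame-tree model of canNavigate(A, B). makeFrame, topOf, isBelow, matrix and
// the frame names are constructed for this example; origins are not modelled.
function makeFrame(name, parent = null) {
  return { name, parent };
}
const topOf = (f) => (f.parent ? topOf(f.parent) : f);
const isBelow = (f, ancestor) => {
  for (let p = f.parent; p; p = p.parent) if (p === ancestor) return true;
  return false;
};

const POLICIES = {
  Permissive: () => true,                    // any frame, any window
  Window: (a, b) => topOf(a) === topOf(b),   // any frame in A's window
  Descendant: (a, b) => isBelow(b, a),       // frames nested inside A
  Child: (a, b) => b.parent === a,           // A's direct children only
};
const canNavigate = (policy, a, b) => POLICIES[policy](a, b);

function matrix() {
  // Constructed layout: a page hosting a gadget and a login frame side by
  // side, frames nested inside the gadget, and an unrelated second window.
  const page = makeFrame("page");
  const gadget = makeFrame("gadget", page);
  const login = makeFrame("login", page);
  const inner = makeFrame("inner", gadget);
  const nested = makeFrame("nested", inner);
  const otherWindow = makeFrame("otherWindow");
  const cases = {
    crossWindow: [otherWindow, login], // the window.open(..., "awglogin") case
    sibling: [gadget, login],          // the top.frames[i].location case
    child: [gadget, inner],
    grandchild: [gadget, nested],
  };
  const out = {};
  for (const policy of Object.keys(POLICIES)) {
    out[policy] = {};
    for (const [label, [a, b]] of Object.entries(cases)) {
      out[policy][label] = canNavigate(policy, a, b);
    }
  }
  return out;
}

console.table(matrix());
```

Only Permissive allows the cross-window case, and Window still allows a gadget to navigate its sibling login frame; Descendant and Child deny both.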
