PMForce: Systematically Analyzing PostMessage Handlers at Scale

conference contribution
posted on 2023-11-29, 18:13 authored by Marius Steffens, Ben Stock
The Web has become a platform in which sites rely on intricate interactions that span across the boundaries of origins. While the Same-Origin Policy prevents direct data exchange with documents from other origins, the postMessage API offers one relaxation that allows developers to exchange data across these boundaries. While prior manual analysis could show the presence of issues within postMessage handlers, unfortunately, a steep increase in postMessage usage makes any manual approach intractable. To deal with this increased workload, we set out to automatically find issues in postMessage handlers that allow an attacker to execute code in the vulnerable sites, alter client-side state, or leak sensitive information. To achieve this goal, we present an automated analysis framework running inside the browser, which uses selective forced execution paired with lightweight dynamic taint tracking to find traces in the analyzed handlers that end in sinks allowing for code-execution or state alterations. We use path constraints extracted from the program traces and augment them with Exploit Templates, i.e., additional constraints, ascertaining that a valid assignment that solves all these constraints produces a code-invoking or state-manipulating behavior. Based on these constraints, we use Z3 to generate postMessages aimed at triggering the insecure functionality to prove exploitability, and validate our findings at scale. We use this framework to conduct the most comprehensive experiment studying the security issues of postMessage handlers found throughout the top 100,000 most influential sites yet, which allows us to find potentially exploitable data flows in 252 unique handlers out of which 111 were automatically exploitable.

Preferred Citation

Marius Steffens and Ben Stock. PMForce: Systematically Analyzing PostMessage Handlers at Scale. In: ACM Conference on Computer and Communications Security (CCS). 2020.

Primary Research Area

  • Empirical and Behavioral Security

Secondary Research Area

  • Threat Detection and Defenses

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

Legacy Posted Date

2020-07-29

Open Access Type

  • Unknown

BibTeX

@inproceedings{cispa_all_3164,
  title = "PMForce: Systematically Analyzing PostMessage Handlers at Scale",
  author = "Steffens, Marius and Stock, Ben",
  booktitle = "{ACM Conference on Computer and Communications Security (CCS)}",
  year = "2020",
}
