Protecting Private Web Content from Embedded Scripts

Yuchen Zhou and David Evans

Last updated: September 1st, 2011

[Figure: An overview of our browser defense mechanism.]

[Figure: An overview of our automatic policy learner.]

• Introduction
The project idea is to allow web developers to limit the power of third-party scripts embedded directly into the page. As more and more analytics, gadget and advertising scripts are incorporated into the host page without using an <iframe> tag, they get full access to host page information, which may contain private user data that should never be revealed to a third party.

We modified Google Chromium (the open-source version of Chrome) to add new attributes and functionality. With the newly introduced 'RACL', 'WACL' and 'WorldID' attributes, developers can easily 'sandbox' third-party scripts. One of the most important contributions compared to previous work is that we can automatically learn very fine-grained access control policies. The paper describing this work, "Protecting Private Web Content from Embedded Scripts", was accepted at ESORICS '11 (European Symposium on Research in Computer Security).
• Publication
A copy of our ESORICS paper can be found at .
• Poster/WIP
At USENIX '11 we presented a poster, "Unifying Data Policies Across the Client and Server"; a PDF copy can be found .
This poster discusses how to generate the policies automatically if we can modify the server side. GuardRails, developed by researchers in our group, is an extension to the Ruby on Rails framework that helps developers write secure code with minimal effort. With GuardRails, developers only need to specify a private field once; GuardRails' built-in taint-tracking system propagates the policy and makes sure every use of that private data is protected.
• Code
The modifications to the Chromium browser can be viewed and downloaded , and here. The prototype implementation of our policy learner (built on the GreasySpoon ICAP server) can be downloaded .

Because of the limited space on GitHub, we cannot upload the entire Chromium source tree. To compile the modified version of Chromium, you first need to check out Chromium revision 57642; see this page for more information. You may need to use gclient sync --revision src@#### to get the correct version.

What you need to do then is:

1) Compile and link Chromium r57642 until you have a working executable. See this page for further information. Currently we only provide a Windows version of the modified Chromium browser; a Linux build needs only minor tweaks and is essentially the same.

2) Once you can run unmodified Chromium, copy all source files downloaded from the chrome_bindings repository to $CHROMIUM$\src\chrome\Debug\obj\global_intermediate\webcore\bindings (this directory will not exist until you have compiled Chromium once, because the source code in it is auto-generated by the Chromium build). If you are not asked to overwrite existing files, you are doing something wrong.

3) Copy all source files downloaded from the chromium_webkit_bindings repository to $CHROMIUM$\src\chrome\Debug\obj\global_intermediate\webkit. If you are not asked to overwrite existing files, you are doing something wrong.

4) Copy all source files downloaded from the Chromium_on_windows repository to $CHROMIUM$\src\third_party\WebKit\WebCore\bindings. If you are not asked to overwrite existing files, you are doing something wrong.

5) Compile and run again. You should experience no problems. If you would like to try the release build, download the bindings from here and redo step 2 against the Release directory.
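The overwrite rule in steps 2 to 4 is easy to get wrong by hand, so here is an added helper script (not part of the project's own code) that applies the three overlays and refuses to proceed unless every file it would copy already exists at the destination. It assumes the three repositories have been cloned into sibling directories named after them under a local "repos" root, and that the Chromium checkout root ($CHROMIUM$) and that repos root are passed on the command line.

```python
"""Overlay the downloaded binding sources onto a Chromium r57642 checkout.

Added helper, not the project's own code. Assumes the chrome_bindings,
chromium_webkit_bindings and Chromium_on_windows repositories are cloned
under one local directory ("repos root"), named as on the page.
"""
import os
import shutil
import sys

# Steps 2-4 from the page: repository name -> destination relative to $CHROMIUM$.
OVERLAYS = [
    ("chrome_bindings", os.path.join("src", "chrome", "Debug", "obj",
                                     "global_intermediate", "webcore", "bindings")),
    ("chromium_webkit_bindings", os.path.join("src", "chrome", "Debug", "obj",
                                              "global_intermediate", "webkit")),
    ("Chromium_on_windows", os.path.join("src", "third_party", "WebKit",
                                         "WebCore", "bindings")),
]


def overlay_sources(src_dir, dst_dir, dry_run=False):
    """Copy every file under src_dir onto dst_dir, but only if each target
    already exists (the page's "you must be asked to overwrite" rule).
    Returns the sorted list of relative paths overwritten; raises
    FileNotFoundError when the destination or any target file is missing,
    which means Chromium has not generated the bindings yet."""
    if not os.path.isdir(dst_dir):
        raise FileNotFoundError("%s missing: build unmodified Chromium first" % dst_dir)
    overwritten, missing = [], []
    for root, _dirs, files in os.walk(src_dir):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), src_dir)
            (overwritten if os.path.isfile(os.path.join(dst_dir, rel)) else missing).append(rel)
    if missing:
        raise FileNotFoundError("no file to overwrite for: " + ", ".join(sorted(missing)))
    if not dry_run:
        for rel in overwritten:
            shutil.copy2(os.path.join(src_dir, rel), os.path.join(dst_dir, rel))
    return sorted(overwritten)


def apply_all(chromium_root, repos_root, dry_run=False):
    """Apply every overlay; returns {repository name: [overwritten paths]}."""
    return {repo: overlay_sources(os.path.join(repos_root, repo),
                                  os.path.join(chromium_root, rel), dry_run)
            for repo, rel in OVERLAYS}


if __name__ == "__main__":
    # Usage: python overlay.py CHROMIUM_ROOT REPOS_ROOT [--dry-run]
    result = apply_all(sys.argv[1], sys.argv[2], dry_run="--dry-run" in sys.argv)
    for repo, paths in result.items():
        print("%s: %d files overwritten" % (repo, len(paths)))
```

Run it with --dry-run first: it lists what would be overwritten and aborts, before copying anything, if any file has no existing counterpart.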
• Questions?
Email me: yuchen at virginia dot edu. Feel free to ask any questions you may have.
• People