Protecting Private Web Content from Embedded Scripts

Yuchen Zhou and David Evans

University of Virginia

European Symposium On Research In Computer Security (ESORICS 11')

  • Introduction

    The project idea is to allow web developers to limit the power of third party scripts embedded directly into the page. As more and more Analytics/Gadget/Ads are incorporated into the host page without using an <iframe> tag, they always have full access to host page information, and these might contain user's private information that should never be revealed to a third party.

    We modified Google Chromium (open source version of Chrome) to add new attributes and functionality. With the newly introduced 'RACL', 'WACL' and 'WorldID' the developers can easily 'sandbox' the 3rd-party scripts. One of the most important contributions compared to previous work is that we can automatically learn very-fine grained access control policy. The paper of this work: "Protecting Private Web Content from Embedded Scripts" is accepted into ESORICS (European Symposium on Research in Computer Security) 11'.

    An overview of the automatic policy learner

    To make develop access control policies easier, we propose a proxy-based automatic policy generator. As shown in the figure above, the proxy resends each outgoing request without authentication cookies. The proxy collects the differences between two responses and mark them as private nodes.

  • Paper

    A copy of our ESORICS paper can be found at here.

  • Code

    Warning: these instructions were accurate as of 2011 and some of these may not work currently. If you encounter any problems, please contact me for further instructions.

    The modifications to Chromium browser can be viewed and downloaded , and here. The prototype implementation of our policy learner (implemented using GreasySpoon ICAP server) can be downloaded .

    Because the limited space of Github, we cannot upload all Chromium source code to Github. To compile the modified version of Chromium, you first need to checkout Chromium revision 57642, see this page for more information. You may need to use gclient sync --revision src@#### to get the correct version.

    What you need to do then is:

    1) Compile and link Chromium r57642 to an executable state. See this page for further information. Currently we only provide Windows version of modified Chromium browser, however Linux build only need minor tweaks and is essentially the same.

    2) After you can run unmodified Chromium, copy all source file downloaded from chrome_bindings repository to $CHROMIUM$\src\chrome\Debug\obj\global_intermediate\webcore\bindings(This directory will not exist if you don't compile Chromium first! Source code in this directory is auto-generated by Chromium.); If you are not asked for overwrite, you are doing something wrong.

    3) Copy all source file downloaded from chromium_webkit_bindings repository to $CHROMIUM$\src\chrome\Debug\obj\global_intermediate\webkit. If you are not asked for overwrite, you are doing something wrong.

    4) Copy all source file downloaded from Chromium_on_windows repository to $CHROMIUM$\src\third_party\WebKit\WebCore\bindings. If you are not asked for overwrite, you are doing something wrong.

    5) Compile and run again. You should experience no problems. If you would like to try the release version, download the bindings from here and redo step 2.