Conference: 19th international world wide web conference 2010

Alhambra: A System for Creating, Enforcing, and Testing Browser Security Policies


Abstract

Alhambra is a browser-based system designed to enforce and test web browser security policies. At the core of Alhambra is a policy-enhanced browser supporting fine-grain security policies that restrict web page contents and execution. Alhambra requires no server-side modifications or additions to the web application. Policies can restrict the construction of the document as well as the execution of JavaScript using access control rules and a taint-tracking engine. Using the Alhambra browser, we present two security policies that we have built using our architecture, both designed to prevent cross-site scripting. The first policy uses a taint-tracking engine to prevent cross-site scripting attacks that exploit bugs in the client-side of the web applications. The second one uses browsing history to create policies that restrict the contents of documents and prevent the inclusion of malicious content.

Using Alhambra we analyze the impact of policies on the compatibility of web pages. To test compatibility, Alhambra supports revisiting user-generated browsing sessions and comparing multiple security policies in parallel to quickly and automatically evaluate security policies. To compare security policies for identical pages we have also developed useful comparison metrics that quantify differences between identical pages executed with different security policies. Not only do we show that our policies are effective with minimal compatibility cost, we also demonstrate that Alhambra can enforce strong security policies and provide quantitative evaluation of the differences introduced by security policies.