A Framework for Testing Web Applications for Cross-Origin State Inference (COSI) Attacks

Khodayari, Soheil (2019). A Framework for Testing Web Applications for Cross-Origin State Inference (COSI) Attacks. Thesis (Master thesis), E.T.S. de Ingenieros Informáticos (UPM).

Description

Title: A Framework for Testing Web Applications for Cross-Origin State Inference (COSI) Attacks
Author/s:
  • Khodayari, Soheil
Contributor/s:
  • Carro, Manuel
Item Type: Thesis (Master thesis)
Masters title: Ingeniería del Software
Date: 12 June 2019
Freetext Keywords: Cross-origin state inference attacks, cross-site information leakage, browser side-channels
Faculty: E.T.S. de Ingenieros Informáticos (UPM)
Department: Lenguajes y Sistemas Informáticos e Ingeniería del Software
Creative Commons Licenses: Attribution - No Derivative Works (CC BY-ND)

Full text

PDF (923kB)

Abstract

In a Cross-Origin State Inference (COSI) attack, an attacker convinces a victim into visiting an attack web page, which leverages the cross-origin interaction features of the victim's web browser to infer the victim's state at a target web site. COSI attacks can have serious consequences, including determining whether the victim has an account at, or is the administrator of, a prohibited target site, or whether the victim owns sensitive content hosted at the target site. In this paper, we perform the first systematic study of COSI attacks and present the first tool for detecting them. We study the mechanisms behind 25 COSI attacks, classify them into 10 leak methods and 38 attack classes, identify a novel COSI attack class based on window.postMessage, and design a novel approach for detecting COSI attacks. We implement our detection approach in Basta-COSI, a tool that produces attack web pages that demonstrate the existence of COSI attacks in a given target web site. We apply Basta-COSI to four popular stand-alone web applications (GitHub, GitLab, HotCRP, OpenCart) and five live sites (linkedin.com, blogger.com, amazon.com, drive.google.com, pinterest.com), finding COSI attacks against each of them. Finally, we discuss the countermeasures that browser vendors and site administrators can take against COSI attacks.
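The abstract describes the ingredients of a COSI attack in the abstract: a state-dependent URL on the target site, a cross-origin interaction feature of the browser, and an observable that differs between states. The Node.js model below is an added worked example and is not code from the thesis or from Basta-COSI. It models one leak method that a practitioner would recognise: the target's `/admin` URL answers 200 to an administrator session and redirects everyone else to the login page, and the attacker page runs `fetch(url, {mode: "no-cors", redirect: "manual", credentials: "include"})` from its own origin. The browser withholds the cross-origin body but still reports whether the response was a redirect (`Response.type` of `"opaqueredirect"` versus `"opaque"`), which is the one bit needed to infer the victim's state. The site name, cookie values, session table and the two defence switches (`SameSite` on the session cookie, a Fetch Metadata check on `Sec-Fetch-Site`) are constructed for the example; the browser behaviour is modelled by `attackerProbe` rather than executed in a real browser.

```javascript
// Added illustration of a COSI leak; not code from the thesis or Basta-COSI.
// Site name, session tokens and defence switches are constructed for the example.

const TARGET = "https://target.example"; // hypothetical target origin
const SESSION_COOKIE = "sid";
const SESSIONS = new Map([
  ["admin-token", { user: "alice", admin: true }],
  ["user-token", { user: "bob", admin: false }],
]);

// Minimal Cookie header parser (constructed helper).
function parseCookies(header) {
  const jar = {};
  for (const part of (header || "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) jar[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return jar;
}

// Target-site request handler. `options` selects the defences the site deploys:
//   sameSite:      attribute the site sets on its session cookie ("None" | "Lax" | "Strict")
//   fetchMetadata: reject cross-site-initiated requests for state-dependent URLs
function makeTarget({ sameSite, fetchMetadata }) {
  return {
    sameSite,
    handle(req) {
      // Fetch Metadata: browsers that support it label requests initiated by
      // another site with "Sec-Fetch-Site: cross-site". Rejecting those before
      // any state-dependent logic runs makes the response identical for every
      // victim, so there is nothing left to infer.
      if (fetchMetadata && req.headers["sec-fetch-site"] === "cross-site") {
        return { status: 403, body: "" };
      }
      const session = SESSIONS.get(parseCookies(req.headers.cookie)[SESSION_COOKIE]);
      if (req.path === "/admin") {
        // The state-dependent response: 200 for admins, 302 to /login otherwise.
        return session && session.admin
          ? { status: 200, body: "admin dashboard" }
          : { status: 302, headers: { Location: "/login" }, body: "" };
      }
      return { status: 404, body: "" };
    },
  };
}

// Model of the victim's browser executing, on the attacker's page,
//   fetch(TARGET + "/admin", { mode: "no-cors", redirect: "manual", credentials: "include" })
// `victimSid` is the session cookie the browser holds for target.example
// (null when the victim is logged out). Cookies marked SameSite=Lax or Strict
// are not attached to a cross-site fetch; SameSite=None cookies are.
function attackerProbe(target, victimSid) {
  const headers = {
    "sec-fetch-site": "cross-site",
    "sec-fetch-mode": "no-cors",
    "sec-fetch-dest": "empty",
  };
  if (victimSid !== null && target.sameSite === "None") {
    headers.cookie = `${SESSION_COOKIE}=${victimSid}`;
  }
  const res = target.handle({ path: "/admin", headers });
  // All the attacker's script can read back is the opaque response type,
  // but that already distinguishes a redirect from a non-redirect.
  return res.status >= 300 && res.status < 400 ? "opaqueredirect" : "opaque";
}

// Probe every victim state the attacker cares about (logged out, ordinary user,
// administrator). The site is vulnerable when the observable differs by state.
function stateIsInferable(target) {
  const observed = new Set(
    [null, "user-token", "admin-token"].map((sid) => attackerProbe(target, sid))
  );
  return observed.size > 1;
}

// Usage: a site with a SameSite=None cookie and no Fetch Metadata check leaks
// whether the visitor is an administrator; either defence alone closes this leak.
const vulnerable = makeTarget({ sameSite: "None", fetchMetadata: false });
const hardened = makeTarget({ sameSite: "Lax", fetchMetadata: true });
console.log("vulnerable site leaks admin state:", stateIsInferable(vulnerable)); // true
console.log("hardened site leaks admin state:", stateIsInferable(hardened)); // false
```

Two caveats a practitioner would add. First, either defence alone suffices against this particular leak method in the model, but they cover different ground: `SameSite` stops the cookie from travelling, whereas Fetch Metadata lets the server refuse the request even in browsers that ignore `SameSite` or that still default unmarked cookies to `None` (the common situation when the thesis was written in 2019). Second, a status-code leak is only one of the leak methods the thesis catalogues; a `window.postMessage` listener that broadcasts state to `"*"`, frame-count or content-size differences and similar observables need their own checks, which is precisely why the thesis automates the search with Basta-COSI rather than auditing one URL at a time.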

More information

Item ID: 57151
DC Identifier: http://oa.upm.es/57151/
OAI Identifier: oai:oa.upm.es:57151
Deposited by: Mr. Soheil Khodayari
Deposited on: 04 Nov 2019 07:30
Last Modified: 04 Nov 2019 07:30