Team for Research in
Ubiquitous Secure Technology

Talking to Yourself for Fun and Profit
Lin-Shung Huang, Eric Chen, Adam Barth, Eric Rescoria, Collin Jackson

Citation
Lin-Shung Huang, Eric Chen, Adam Barth, Eric Rescoria, Collin Jackson. "Talking to Yourself for Fun and Profit". Web 2.0 Security and Privacy (W2SP 2011), 2011.

Abstract
Browsers limit how web sites can access the network. Historically, the web platform has limited web sites to HTTP, but HTTP is inefficient for a number of applications—including chat and multiplayer games—for which raw socket access is more appropriate. Java, Flash Player, and HTML5 provide socket APIs to web sites, but we discover, and experimentally verify, attacks that exploit the interaction between these APIs and transparent proxies. At a cost of less than $1 per exploitation, our attacks poison the proxy’s cache, causing all clients of the proxy to receive malicious content supplied by the attacker. We then propose a modification of the HTML5 WebSocket protocol that resists these (and other) attacks. The WebSocket working group has adopted a variant of our proposal.

Electronic downloads

Citation formats  
  • HTML
    Lin-Shung Huang, Eric Chen, Adam Barth, Eric Rescoria,
    Collin Jackson. <a
    href="http://www.truststc.org/pubs/840.html"
    >Talking to Yourself for Fun and Profit</a>, Web
    2.0 Security and Privacy (W2SP 2011), 2011.
  • Plain text
    Lin-Shung Huang, Eric Chen, Adam Barth, Eric Rescoria,
    Collin Jackson. "Talking to Yourself for Fun and
    Profit". Web 2.0 Security and Privacy (W2SP 2011), 2011.
  • BibTeX
    @inproceedings{HuangChenBarthRescoriaJackson11_TalkingToYourselfForFunProfit,
        author = {Lin-Shung Huang and Eric Chen and Adam Barth and
                  Eric Rescoria and Collin Jackson},
        title = {Talking to Yourself for Fun and Profit},
        booktitle = {Web 2.0 Security and Privacy (W2SP 2011)},
        year = {2011},
        abstract = {Browsers limit how web sites can access the
                  network. Historically, the web platform has
                  limited web sites to HTTP, but HTTP is inefficient
                  for a number of applications—including chat and
                  multiplayer games—for which raw socket access is
                  more appropriate. Java, Flash Player, and HTML5
                  provide socket APIs to web sites, but we discover,
                  and experimentally verify, attacks that exploit
                  the interaction between these APIs and transparent
                  proxies. At a cost of less than $1 per
                  exploitation, our attacks poison the proxy’s
                  cache, causing all clients of the proxy to receive
                  malicious content supplied by the attacker. We
                  then propose a modification of the HTML5 WebSocket
                  protocol that resists these (and other) attacks.
                  The WebSocket working group has adopted a variant
                  of our proposal. },
        URL = {http://www.truststc.org/pubs/840.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.