Thursday 3:30–5:00 PM
Chair, Kristen Lefevre
Fine-Grained Privilege Separation for Web Applications
Akshay Krishnamurthy, Adrian Mettler, David Wagner
We present a web application programming model that simplifies reasoning about security considerations and verifying security properties of web applications. In our model, applications can easily be divided into privilege-separated components, enabling rich security policies to be enforced. The model is designed to help external reviewers check these security properties. Privilege separation of web applications is accomplished by using an object-capability language and interfaces that expose limited, explicitly specified privileges to web application components. This approach restricts what each component of the application can do and quarantines buggy or compromised application code. This also provides a better way to safely integrate third-party, less trusted code into a web application. We have implemented a prototype of this model, based upon the Java Servlet framework, and used it to build a web mail application. Our experience with this example suggests that the approach is viable and helpful at establishing application-level security properties.
Malicious Interface Design: Exploiting the User
Gregory Conti, Edward Sobiesk
In an ideal world, interface design is the art and science of helping users accomplish tasks in a timely, efficient, and pleasurable manner. This paper studies the inverse situation, the vast emergence of deliberately constructed malicious interfaces that violate design best practices in order to accomplish goals counter to those of the user. This has become a commonplace occurrence both on and off the desktop, particularly on the web. The objective of this paper is to formally define this problem, including construction of a taxonomy of malicious interface techniques and an analysis of their impact on users. Findings are also presented on the self-reported tolerance and expectation levels of users with regard to malicious interfaces as well as on the effectiveness and ease of use of existing countermeasures. Our results were accomplished through significant compilation of malicious interface techniques based on review of thousands of web sites and by conducting three original surveys. Ultimately, this paper concludes that malicious interfaces are a ubiquitous problem that demands intervention by the security and human-computer interaction communities in order to reduce the negative impact on the global user population and to call for a cultural shift in the advertising design community.
Marco Cova, Christopher Kruegel, Giovanni Vigna