0sec08 - 0.6

0sec 2008
a private security event for friends

Speakers: Saumil Shah

Schedule
Day: 2
Room: Talk
Start time: 19:00
Duration: 01:00

Info
ID: 13
Event type: Lecture
Track: Talks
Language: English

Teflon

A new model for Browser security

Browser exploits have taken centre stage as the next wave of practical exploitation of systems. Browsers are quite different in design and offer great flexibility compared to other binaries, be they client or server binaries. Why have mechanisms such as stack space randomization, non-execute flags, and compiler-generated protection mechanisms not been successful in thwarting browser exploits? The answer lies in the design and functionality of browsers in general. This talk touches upon the fundamentals of browser exploitation and how certain concepts can be leveraged to prevent practical exploitation of browsers.

This presentation begins with an examination of the fundamental architecture of a browser and its components, to give a proper understanding of the full attack surface. The focus then moves to key concepts that are leveraged in practical exploitation of browsers. A few examples of popular browser exploits and an example "0-day" exploit shall be demonstrated. The talk also shows how the next generation of JavaScript-delivered exploits renders current defense mechanisms useless. Antivirus programs and malware scanners are already proving ineffective and cannot continue to identify and stop browser exploits in the future. The talk then moves on to newly proposed defense mechanisms that attack the very principles that browser exploits depend on. We shall then introduce and demonstrate a few tools built on these defense principles and apply them against the exploits demonstrated. The talk ends with questions from the audience and some thoughts on how these tools can be further extended.

A vast majority of open attack vectors in today's exploit scene are browser-based exploits. New browser-based vulnerabilities are being reported every week, if not more frequently. Exploit delivery tools such as MPack largely focus on browser-based exploits to expand botnets. It is high time that we think about different approaches to defending against browser-based attacks. I believe the methods I am exploring can make a difference.

The talk introduces a tool codenamed "Teflon" which implements the security model I propose.