Towards Full-Stack Security Analysis of Web Applications
- Speaker: Antoine Delignat-Lavaud
- Date & Time: Tuesday 17 February 2015, 10:00 - 11:00
- Venue: Auditorium, Microsoft Research Ltd, 21 Station Road, Cambridge, CB1 2FB
Abstract
The Web that we use today relies on a stack of legacy protocols and languages that have evolved over the past few decades under the conflicting requirements of flexibility and security. As a result, the high-level security goals of Web applications, such as the confidentiality of user data processed by a website, actually depend on many assumptions about each of the protocols involved. It is therefore equally possible for an attacker to steal this data by exploiting a flaw in the TLS cryptographic protocol, in the browser's security isolation between websites, or in the authorization logic of the application. The problem can be mitigated by abstracting the security goals of each layer so that the protocols can be considered in isolation; however, we found a large number of abstraction-breaking, cross-layer attacks that demonstrate the limits of this approach in practice. Trying to model these attacks brings to light the need to consider specific interactions between TLS, PKIX/X.509 and HTTP on the network, along with JavaScript and its HTML5 environment in the browser. Moreover, there tends to be a significant gap between the expected security abstractions and the actual guarantees provided by implementations: for our research to have any impact, it is important to stay as close as possible to the code that is really executed. In this talk, I will present some of our efforts towards building practical tools for the compositional security evaluation of Web applications.
Series: This talk is part of the Microsoft Research Cambridge public talks series.