Mechanized Discovery of Malicious Attack and Providing Security using Frame Breaking in WoT
Abstract
This paper highlights the detection unit which detects the malicious components in a web page that redirect users to external links. The mitigation unit provides interception of user clicks and give educated warnings to users who can then choose to continue or not. This is viewed as a social engineering attack which exploits peoples' ignorance against web attacks. In the most extreme cases, this vulnerability can cause an unsuspecting user to have their account compromised with a single click. The concept of Frame-breaking Options header is known to be a good measurement against those so called malicious attack Although there are protections available for click jacking, the web applications implementing these mitigations are far and in between. The "frame-breaking" functionality which prevents other web pages from framing the site you wish to defend. This will discuss two methods of implementing frame-breaking: first is X-Frame-Options headers (used if the browser supports the functionality); and second is javascript frame-breaking code. To implement this protection, you need to add the X-Frame-Options HTTP Response header to any page that you want to protect from being clickjacked via framebreaking.
Keywords
Full Text:
PDFReferences
Hansen.RClickjacking.ha.ckers.org/blog/20080915/clickjacking. Last Accessed July 31st, 2013
Mahemoff.M. Explaining the “Don’t Click” Clickjacking Tweet bomb. http://softwareas.com/explaining-the-dont-click-clickjacking-tweetbomb,2 2009.
Zalewski.M.Browsersecurityhandbook.http//code.google.com/p/browsersec/wiki/Part2#Arbitrary_page_mashups_(UI_redressing).2010
Niemietz.M “UI Redressing: Attacks and Countermeasures Revisited”.In Conference, 2011.
Jesse.O ,Lundeen.R, Travis.R, "New Ways I’m Going to Hack Your Web App. Black hat AD, 2011.
Bursztein.E, Boneh.D, Gourdin.B, Rydstedt.G,, “Framing Attacks on Smart Phones and Dumb Routers: Tap-jacking and Geo-localization Attacks”. Proceedings of the 4th USENIX conference on Offensive Technologies.USENIX Association, 2010.
E. Lawrence. IE8 Security Part VII: Clickjacking Defenses. http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-Clickjacking-defenses.aspx, 2009.
Bursztein.E, Boneh.D, Jackson.E and Rydstedt.G,. “Busting frame Busting: a study of clickjacking vulnerabilities” at popular sites. In 2010.
Huang, L. S., Jackson, C. Moshchuk, A., ., Schechter, S., & Wang, H. J “Clickjacking: Attacks and Defenses”, 2012. Usenix Security Symposium, 2012.
Balduzzi.M, Balzarotti.D, Egele.M, Kirda.E, , and Kruegel.C. "A Solution for the automated detection of clickjacking attacks." In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 135-144. ACM, 2010.
Refbacks
- There are currently no refbacks.
This work is licensed under a Creative Commons Attribution 3.0 License.