- Overview
- Symposium Organizers
- Registration Information
- Registration Discounts
- At a Glance
- Calendar
- Technical Sessions
- Birds-of-a-Feather Sessions
- Poster Session
- Sponsorship
- Workshops
- Activities
- Hotel and Travel Information
- Services
- Students
- Questions
- Help Promote!
- Flyer PDF
- For Participants
- Call for Papers
- Past Symposia
sponsors
usenix conference policies
Eradicating DNS Rebinding with the Extended Same-origin Policy
Martin Johns and Sebastian Lekies, SAP Research; Ben Stock, Friedrich-Alexander-Universität Erlangen-Nürnberg
The Web’s principal security policy is the Same-Origin Policy (SOP), which enforces origin-based isolation of mutually distrusting Web applications. Since the early days, the SOP was repeatedly undermined with variants of the DNS Rebinding attack, allowing untrusted script code to gain illegitimate access to protected network resources. To counter these attacks, the browser vendors introduced countermeasures, such as DNS Pinning, to mitigate the attack. In this paper, we present a novel DNS Rebinding attack method leveraging the HTML5 Application Cache. Our attack allows reliable DNS Rebinding attacks, circumventing all currently deployed browser-based defense measures. Furthermore, we analyze the fundamental problem which allows DNS Rebinding to work in the first place: The SOP’s main purpose is to ensure security boundaries of Web servers. However, the Web servers themselves are only indirectly involved in the corresponding security decision. Instead, the SOP relies on information obtained from the domain name system, which is not necessarily controlled by the Web server’s owners. This mismatch is exploited by DNS Rebinding. Based on this insight, we propose a light-weight extension to the SOP which takes Web server provided information into account. We successfully implemented our extended SOP for the Chromium Web browser and report on our implementation’s interoperability and security properties.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Martin Johns and Sebastian Lekies and Ben Stock},
title = {Eradicating {DNS} Rebinding with the Extended Same-origin Policy},
booktitle = {22nd USENIX Security Symposium (USENIX Security 13)},
year = {2013},
isbn = {978-1-931971-03-4},
address = {Washington, D.C.},
pages = {621--636},
url = {https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/johns},
publisher = {USENIX Association},
month = aug
}
connect with us