Haviv Cohen, M.Sc. Thesis Seminar
Advisors: Prof. Roy Friedman, Dr. Nethanel Gelernter
There are many types of security vulnerabilities and exploits that utilize them, and most of them are well studied. Yet a family of severe security exploits called Universal Cross-Site Scripting (UXSS) has hardly been explored, and the foundation required to study them has not been formulated. In this thesis, we focus on this family of exploits.
A UXSS exploit enables the attacker to execute a controlled script in the context of any cross-origin service. UXSS exploits focus solely on the browser implementation and thus bypass any XSS protection implemented on the service's server side. Unlike other well-studied exploits, UXSS exploits have no classification, and there is no basic knowledge about what makes them possible. Because of this, the mitigation techniques implemented in browsers against these exploits are ineffective and inaccurate.
In this thesis, we map the factors that influence the existence of UXSS exploits and achieve a better understanding of them. Analyzing UXSS exploits can be challenging and time-consuming, but using the results of this research, the process becomes more efficient and much easier. Moreover, we used these results to evaluate Site Isolation, which is Chrome's main mitigation against UXSS exploits. As a result, this research builds the foundations for handling UXSS exploits and other logical browser vulnerabilities.