Title
Poster: a path-cutting approach to blocking XSS worms in social web networks
Abstract
Worms exploiting JavaScript XSS vulnerabilities rampantly infect millions of webpages, while drawing the ire of helpless users. To date, users across all of the popular social networks, including Facebook, MySpace, Orkut and Twitter, have been vulnerable to XSS worms. We propose PathCutter as a new approach to severing the self-propagation path of JavaScript worms. PathCutter works by blocking two critical steps in the propagation path of an XSS worm: (i) DOM access to different views at the client side and (ii) unauthorized HTTP requests to the server. As a result, although an XSS vulnerability is successfully exercised at the client, the XSS worm is prevented from propagating to the would-be victim's own social network page. PathCutter is effective against all of the current forms of XSS worms, including those that exploit traditional XSS, DOM-based XSS, and content-sniffing XSS vulnerabilities. We demonstrate PathCutter using WordPress and perform a preliminary evaluation on a proof-of-concept JavaScript worm.
Year
2011
DOI
10.1145/2046707.2093483
Venue
ACM Conference on Computer and Communications Security
Keywords
own social network page, social web network, xss vulnerability, path-cutting approach, proof-of-concept javascript worm, propagation path, traditional xss, javascript worm, javascript xss, dom-based xss, popular social network, xss worm, security, social network, proof of concept, social web
DocType
Conference
Citations
0
PageRank
0.34
References
4
Authors
4
Author list (Name, Order, Citations, PageRank)
Yinzhi Cao, 1, 297, 18.73
Vinod Yegneswaran, 2, 1971, 141.25
Phillip A. Porras, 3, 1959, 174.93
Yan Chen, 4, 3842, 220.64