SpyShield: Preserving Privacy from Spy Add-ons
Zhuowei Li, XiaoFeng Wang and Jong Youl Choi
Indiana University at Bloomington
Dr. XiaoFeng Wang ©
Slides: 25

You are being WATCHED!
- Spyware on the loose
  - Webroot said 89 percent of the computers it scanned were infected with spyware, with 30 pieces per machine!

What are we going to do?
- Single-layer defense is always fragile
- Defense in depth: prevention, detection, containment

Spyware containment
- Protect sensitive information under spyware surveillance
- Complementary to spyware prevention and detection

Spy add-on (figure; labels: COM interfaces, BHO)

SpyShield (figure; labels: SpyShield, BHO)

Related work
- Surveillance containment
  - Bump in the Ether; SpyBlock: not designed for containing spy add-ons
- Privilege separation
  - Prevents privilege escalation, but does not control information leaks
- Sandboxing and information flow security
  - SpyShield instead enforces access control on the add-on interfaces

Contributions
- General protection against spy add-ons
- Potential for fine-grained access control
- Resilience to attacks
- Small overheads
- Ease of use

Design
- Access-control proxy enforces security policies
- Proxy guardian protects the proxy

Access-control proxy
- Objective: permit or deny add-ons' access to host data
- Event-driven add-ons
  - Steal information once an event happens
  - Proxy: block the events according to security policies
- Non-event-driven add-ons
  - Poll add-on interfaces
  - Proxy: control all interfaces spy add-ons might use
- Direct memory access
  - Proxy: separate untrusted add-ons from the host and control the channels for inter-process communication

Untrusted add-ons
- Trusted add-ons are those from known vendors
- If you don't know it, don't trust it
- Use hash values of the add-on binaries to classify add-ons

Security policies
- Limit untrusted add-ons' access to the host while sensitive data are being processed
  - For example, while the bank balance is displayed
- Sensitive zones
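The three slides above (proxy, trust classification, sensitive-zone policies) describe one decision procedure. The following is an added model of that procedure, not the SpyShield authors' code. It assumes add-ons are classified by the SHA-256 of their binary against a set of trusted hashes, that sensitive zones are (host, path-prefix) pairs, and that both browser events and add-on interface calls pass through the proxy; the event and method names are real BHO/COM names chosen for illustration, since the slides do not list which interfaces SpyShield interposes.

```python
"""Added example (not the SpyShield authors' code): a model of the
access-control proxy's decision logic. Assumptions: add-ons are classified
by the SHA-256 of their binary against a trusted-hash set, sensitive zones
are (host, path-prefix) pairs, and both browser events and add-on
interface calls pass through the proxy."""
import hashlib
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed stand-in for a known vendor's add-on binary; SpyShield would
# hash the installed DLLs. Anything not in this set is untrusted.
TRUSTED_HASHES = {hashlib.sha256(b"vendor-toolbar-v1.dll").hexdigest()}

# Constructed sensitive zones: pages where the policy restricts untrusted add-ons.
SENSITIVE_ZONES = [("bank.example", "/account"), ("mail.example", "/")]

# Browser events that carry the page URL to add-ons, and interface methods an
# add-on could poll for page content. This selection is an assumption for the
# example; the full interposed list is not on the slides.
URL_EVENTS = {"BeforeNavigate2", "DocumentComplete"}
SENSITIVE_METHODS = {"IWebBrowser2::get_LocationURL",
                     "IHTMLDocument2::get_body",
                     "IHTMLDocument2::get_cookie"}


def classify(addon_bytes: bytes) -> str:
    """'If you don't know it, don't trust it': only known hashes are trusted."""
    digest = hashlib.sha256(addon_bytes).hexdigest()
    return "trusted" if digest in TRUSTED_HASHES else "untrusted"


def in_sensitive_zone(url: str) -> bool:
    u = urlparse(url)
    return any(u.hostname == host and u.path.startswith(prefix)
               for host, prefix in SENSITIVE_ZONES)


@dataclass
class AccessControlProxy:
    addons: dict                      # add-on name -> "trusted" | "untrusted"
    current_url: str = "about:blank"
    log: list = field(default_factory=list)

    def _restricted(self, addon: str, url: str) -> bool:
        return self.addons[addon] == "untrusted" and in_sensitive_zone(url)

    def navigate(self, url: str) -> dict:
        """Event-driven path: the browser fires URL-carrying events; the proxy
        forwards each one only to add-ons the policy allows for this URL."""
        self.current_url = url
        delivered = {}
        for event in sorted(URL_EVENTS):
            for addon in self.addons:
                delivered.setdefault(addon, [])
                if self._restricted(addon, url):
                    self.log.append(("blocked-event", addon, event, url))
                else:
                    self.log.append(("delivered-event", addon, event, url))
                    delivered[addon].append(event)
        return delivered

    def call(self, addon: str, method: str):
        """Polling path: an add-on invokes a host interface through the proxy.
        Untrusted add-ons get nothing back while a sensitive page is loaded."""
        if method in SENSITIVE_METHODS and self._restricted(addon, self.current_url):
            self.log.append(("blocked-call", addon, method, self.current_url))
            return None
        self.log.append(("allowed-call", addon, method, self.current_url))
        return f"<{method} result for {self.current_url}>"


def run_demo() -> list:
    """Two add-ons (one known, one unknown) browse a public page, then an
    account page; returns the proxy's decision log."""
    proxy = AccessControlProxy(addons={
        "vendor-toolbar": classify(b"vendor-toolbar-v1.dll"),
        "unknown-helper": classify(b"unknown-helper.dll"),
    })
    proxy.navigate("https://news.example/")
    proxy.call("unknown-helper", "IWebBrowser2::get_LocationURL")   # allowed: public page
    proxy.navigate("https://bank.example/account/balance")
    proxy.call("unknown-helper", "IHTMLDocument2::get_body")        # blocked: sensitive zone
    proxy.call("vendor-toolbar", "IHTMLDocument2::get_body")        # allowed: trusted add-on
    return proxy.log


if __name__ == "__main__":
    for entry in run_demo():
        print(entry)
```

The two paths mirror the slide: events are filtered before delivery, and polled interface calls are answered with nothing while the current page lies in a sensitive zone. Trusted add-ons are never restricted, which is exactly why the hash whitelist must be protected (the proxy guardian's job, covered later in the deck).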

Policy setting (figure)

Proxy guardian
- Protect the proxy from being attacked
- Use system call interposition
- Protect data
  - Database of the hash values for trusted add-ons
  - Policies
- Protect proxy processes

Implementation (1)
- We implemented an access-control proxy for IE plug-ins
- COM interfaces interposed:

Implementation (2)
- Proxy guardian interposed the following system calls:

Evaluations
- Setting
  - Pentium 3.2 GHz, 1 GB memory, Windows XP
- Effectiveness test
  - Traffic differential analysis [NetSpy]
  - Dangerous behavior blocked
- Performance test
  - Latency of inter-process communication
  - Processing time of function invocations
  - Web navigation

Effectiveness (1) (figure)

Effectiveness (2)
- Differential analysis (figure)
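The evaluation's effectiveness test uses traffic differential analysis in the style of NetSpy. The following is an added illustration of that method, not the authors' or NetSpy's code: the same browsing script is replayed once without the add-on (baseline) and once with it, outbound requests present only in the add-on run are attributed to the add-on, and those are then searched for sensitive markers. The three request logs, the tracker host and the marker strings are all constructed for this example.

```python
"""Added example (not the authors' or NetSpy's code): traffic differential
analysis as used in SpyShield's effectiveness test. Replay the same browsing
script without and with the add-on; requests that appear only in the add-on
run are the add-on's traffic, which is then checked for sensitive markers.
All logs below are constructed."""
from collections import Counter
from urllib.parse import parse_qs, unquote, urlparse

# Baseline run: browser alone, visiting a public page and then the bank.
BASELINE = """\
GET https://news.example/
GET https://bank.example/account/balance
GET https://bank.example/static/app.js?v=3
POST https://bank.example/account/transfer
"""

# Unprotected run: the add-on reports every visited URL and the form post.
WITH_ADDON = """\
GET https://news.example/
GET https://tracker.example/collect?u=https%3A%2F%2Fnews.example%2F&id=7f3a
GET https://bank.example/account/balance
GET https://tracker.example/collect?u=https%3A%2F%2Fbank.example%2Faccount%2Fbalance&id=7f3a
GET https://bank.example/static/app.js?v=4
POST https://bank.example/account/transfer
POST https://tracker.example/form?to=savings&amount=500
"""

# Run with the untrusted add-on contained on the bank's sensitive zone:
# it still reports the public page but sees nothing from the account pages.
WITH_ADDON_CONTAINED = """\
GET https://news.example/
GET https://tracker.example/collect?u=https%3A%2F%2Fnews.example%2F&id=91c0
GET https://bank.example/account/balance
GET https://bank.example/static/app.js?v=4
POST https://bank.example/account/transfer
"""

# Values that must never leave the machine during the bank transaction.
SENSITIVE_MARKERS = ("bank.example/account", "amount=500")


def parse_log(text):
    """Each constructed line is '<METHOD> <URL>'."""
    return [tuple(line.split(None, 1)) for line in text.splitlines() if line.strip()]


def signature(method, url):
    """Normalise a request so legitimate run-to-run variation (cache-buster
    values, session ids) is not reported as a difference: keep method, host,
    path and the set of query keys, but not the query values."""
    u = urlparse(url)
    keys = tuple(sorted(parse_qs(u.query, keep_blank_values=True)))
    return (method, u.hostname, u.path, keys)


def differential(baseline_text, addon_text):
    """Requests in the add-on run with no matching request in the baseline."""
    budget = Counter(signature(m, u) for m, u in parse_log(baseline_text))
    extra = []
    for method, url in parse_log(addon_text):
        sig = signature(method, url)
        if budget[sig] > 0:
            budget[sig] -= 1          # consumed one matching baseline request
        else:
            extra.append((method, url))
    return extra


def leaked_markers(extra_requests, markers=SENSITIVE_MARKERS):
    """Sensitive markers found in add-on-only traffic. URLs are decoded first,
    since spyware commonly sends the visited URL percent-encoded in a query value."""
    found = set()
    for _, url in extra_requests:
        decoded = unquote(url)
        found.update(m for m in markers if m in decoded)
    return found


if __name__ == "__main__":
    for name, log in (("unprotected", WITH_ADDON), ("contained", WITH_ADDON_CONTAINED)):
        extra = differential(BASELINE, log)
        print(name, len(extra), "add-on-only request(s); leaked:", leaked_markers(extra) or "none")
```

The normalisation in `signature` matters in practice: without it, the bank's own `app.js?v=3` versus `app.js?v=4` would surface as a spurious difference. With containment, the add-on's only extra traffic is its report about the public page, and no sensitive marker appears in it.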

Effectiveness (3)
- Block malicious activities (figure)

Performance (1)
- Overhead for IPC
  - 1327 times!
- However, IPC only takes a SMALL portion of the transaction processing time

Performance (2)
- Function invocation time (figure)
- Web navigation
  - 80% of the functionalities of Google Toolbar and 8/9 of Yahoo! Toolbar
- Memory costs
  - From 11 MB to 15 MB
  - However, an additional new window only costs an extra 0.1 to 0.5 MB

Limitations
- Limitations of the design
  - Only covers spy add-ons
  - Not for defending against kernel-level spyware
- Limitations of the implementation
  - Applies the same policies to the whole window object; what about frames?
  - Only wraps the COM interfaces of the plug-ins used in the experiments

Conclusion and future work
- SpyShield offers effective containment against spy add-ons
- Future work: develop the policy model and techniques for containing standalone spyware