Cross-site framing attacks

Nethanel Gelernter, Yoel Grinstein, Amir Herzberg

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

We identify the threat of cross-site framing attacks, which involves planting false evidence that incriminates computer users, without requiring access to their computer. We further show that a variety of framing-evidence can be planted using only modest framing-attacker capabilities. The attacker can plant evidence in both the logs of popular reputable sites and in the computer of the victim, without requiring client-side malware and without leaving traces. To infect the records of several of the most popular sites, we identified operations that are often considered benign and hence not protected from cross-site request forgery (CSRF) attacks. We demonstrate the attacks on the largest search engines: Google, Bing, and Yahoo!, on YouTube and Facebook, and on the e-commerce sites: Amazon, eBay, and Craigslist. To plant pieces of framing evidence on the computer, we abused the vulnerabilities of browsers and weaknesses in the examination procedure done by forensic software. Specifically, we show that it is possible to manipulate the common NTFS file system and to plant files on the hard disk of the victim, without leaving any traces indicating that these files were created via the browser. We validated the effectiveness of the framing evidence with the assistance of law authorities, in addition to using prominent forensic software. This work also discusses tactics for defense against cross-site framing and its applicability to web-services, browsers, and forensic software.

Original language: English
Title of host publication: Proceedings - 31st Annual Computer Security Applications Conference, ACSAC 2015
Publisher: Association for Computing Machinery
Pages: 161-170
Number of pages: 10
ISBN (Electronic): 9781450336826
State: Published - 7 Dec 2015
Event: 31st Annual Computer Security Applications Conference, ACSAC 2015 - Los Angeles, United States
Duration: 7 Dec 2015 to 11 Dec 2015

Publication series

Name: ACM International Conference Proceeding Series
Volume: 7-11-December-2015

Conference

Conference: 31st Annual Computer Security Applications Conference, ACSAC 2015
Country/Territory: United States
City: Los Angeles
Period: 7/12/15 to 11/12/15

Bibliographical note

Publisher Copyright:
© 2015 ACM.

Keywords

  • Forensic
  • Framing
  • Security
  • Web attacks
