Light-Weight Transparent Defense Against Browser Cross-Frame Attacks Using Script Accenting

MSR-TR-2007-29

Browsers’ isolation mechanisms are critical to users’ safety and privacy on the web. Achieving proper isolation, however, is very difficult at both the policy-specification level and the implementation level. This paper focuses on the implementation of browser isolation mechanisms. As a concrete example, we discuss the enforcement of the well-defined cross-frame isolation policy, which is supposed to prohibit a script from one Internet domain from accessing objects in a frame of another domain. Historical data show that even for such a seemingly simple policy, current implementations of the enforcement mechanism are surprisingly error-prone and have been exploited on most major browser products. In this paper, we propose the script accenting technique as a light-weight, transparent defense against cross-frame attacks. The basic idea is to introduce domain-specific “accents” into scripts and object names so that two frames cannot communicate with or interfere with each other if they have different accents. The mechanism has been prototyped on Internet Explorer. Our evaluation showed that all known cross-frame attacks were defeated and that the proposed mechanism is fully transparent to existing web applications. End-to-end measurements of users’ browsing experience did not show any noticeable slowdown.
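The accenting idea sketched in the abstract, as an added illustration in JavaScript; this is not code from the paper or from its Internet Explorer prototype. It assumes a 32-bit accent key per domain derived by hashing the domain name (the key derivation is hypothetical, chosen only to keep the run deterministic), XOR as the accent operation, a toy "script engine" built on `new Function`, and constructed sample frames for `bank.example` and `evil.example`. The same cookie-reading script is run three ways: legitimately, injected into a foreign frame, and from its own frame after reaching a foreign frame's objects.

```javascript
// Added illustration of script accenting (not the paper's Internet Explorer prototype).
// Assumptions: a 32-bit per-domain accent key derived by hashing the domain name,
// XOR as the accent operation, a toy "script engine" built on new Function, and
// constructed sample frames for bank.example and evil.example.

// Hypothetical key derivation: FNV-1a over the domain string. A deployment would
// pick an unpredictable key per domain; a hash keeps this example deterministic.
function accentKey(domain) {
  let h = 0x811c9dc5;
  for (let i = 0; i < domain.length; i++) {
    h ^= domain.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// XOR each UTF-16 code unit with a rotating byte of the key. XOR is its own
// inverse, so accent(accent(s, k), k) === s, while accenting with one key and
// de-accenting with another yields garbage.
function accent(text, key) {
  const kb = [key & 0xff, (key >>> 8) & 0xff, (key >>> 16) & 0xff, (key >>> 24) & 0xff];
  let out = '';
  for (let i = 0; i < text.length; i++) {
    out += String.fromCharCode(text.charCodeAt(i) ^ kb[i % 4]);
  }
  return out;
}
const deaccent = accent;

// A frame stores its objects under names accented with the frame's own key.
function makeFrame(domain, objects) {
  const key = accentKey(domain);
  const table = new Map();
  for (const [name, value] of Object.entries(objects)) table.set(accent(name, key), value);
  return { domain, key, table };
}

// Scripts are accented at load time with the key of the domain they come from.
function loadScript(source, originDomain) {
  return { accented: accent(source, accentKey(originDomain)) };
}

// The toy engine de-accents a script with the key of the frame it runs in and
// compiles it: a script carrying a foreign accent turns into garbage and fails to
// compile. Object lookups accent the requested name with the executing frame's
// key, so a script that has somehow reached another frame's object table (the
// case where the same-origin check in the reference monitor was bypassed) still
// cannot name anything in it.
function execute(script, frame, frames) {
  const source = deaccent(script.accented, frame.key);
  let body;
  try {
    body = new Function('get', source);
  } catch (e) {
    return { ok: false, stage: 'compile', error: e.name };
  }
  const get = (targetDomain, name) => {
    const target = frames[targetDomain];
    const value = target === undefined ? undefined : target.table.get(accent(name, frame.key));
    if (value === undefined) throw new ReferenceError(`${name} is not defined under this accent`);
    return value;
  };
  try {
    return { ok: true, value: body(get) };
  } catch (e) {
    return { ok: false, stage: 'run', error: e.name };
  }
}

// Constructed scenario: one cookie-reading script, three execution paths.
function demo() {
  const frames = {
    'bank.example': makeFrame('bank.example', { cookie: 'session=s3cr3t' }),
    'evil.example': makeFrame('evil.example', { cookie: 'tracker=1' }),
  };
  const readBankCookie = "return get('bank.example', 'cookie');";
  return {
    // Legitimate: the bank's own script running in the bank's frame.
    own: execute(loadScript(readBankCookie, 'bank.example'), frames['bank.example'], frames),
    // Attack 1: evil's script injected into the bank's frame; accents differ, so it does not compile.
    injected: execute(loadScript(readBankCookie, 'evil.example'), frames['bank.example'], frames),
    // Attack 2: evil's script in evil's frame reaching the bank's objects; the name lookup misses.
    reach: execute(loadScript(readBankCookie, 'evil.example'), frames['evil.example'], frames),
  };
}

console.log(demo());
```

The point of the model is where the defense sits: accenting is a second layer behind the browser's same-origin checks, not a replacement for them. If an enforcement bug lets a script or an object reference cross a domain boundary, the mismatch in accents turns what would have been a disclosure into a compile failure or a failed name lookup, and legitimate same-domain code is unaffected because it only ever meets its own accent.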