Upload
paulos
View
71
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Rozzle : De- Cloaking Internet Malware. Clemens Kolbitsch , Christian Seifert , Benjamin Livshits and Benjamin Zorn Microsoft Research Technical Report Presentation by David Ferreras. The P roblem. - PowerPoint PPT Presentation
Citation preview
Rozzle: De-Cloaking Internet Malware
Clemens Kolbitsch, Christian Seifert , Benjamin Livshits and Benjamin Zorn
Microsoft Research Technical Report
Presentation by David Ferreras
The Problem
• The browser is exposed to malicious content that affect millions of URLs using JavaScript
• Web-based malware tends to target a particular browser, often attacking specific versions of installed plugins. – Environment matching– Fingerprinting– Client-Side cloaking
The Problem
The Problem
The Solution Proposed
• Rozzle: Multi-execution JavaScript implementation– execute both possibilities whenever it encounters
control flow branching that is dependent on the environment
The Solution Proposed
The Solution Proposed (Details)
• Symbolic Values: All environment-specific values start out as symbolic in Rozzle
• Branching on symbolic values • Looping on symbolic values• Creates a heap of values
Results
Limitations
• Server-side cloaking• Breaking existing code• Identifying that Rozzle is enabled could be
used construct denial-of service attack on Rozzle-enabled browsers.
Any questions?