The "Web/Local" Boundary Is Fuzzy - A Security Study of Chrome's Process-based Sandboxing
Offered By: Association for Computing Machinery (ACM) via YouTube
Course Description
Overview
Explore a security study on Chrome's process-based sandboxing presented at the 23rd ACM Conference on Computer and Communications Security. Delve into the fuzzy boundary between web and local content, examining concrete attacks, Same-Origin Policies (SOPs), memory partitioning, and browser memory safety. Learn about fingerprinting techniques, data-oriented attacks, and Google's IFrame isolation. Gain insights from researchers at the National University of Singapore and Microsoft Research as they discuss the implications of these security vulnerabilities and potential solutions. Conclude with a Q&A session to further understand the complexities of web browser security.
Syllabus
Introduction
WebLocal Boundary
Fuzzy WebLocal Boundary
Concrete Attacks
SOPs
Can we skip SOPs
Memory Partitioning
Fingerprinting
DataOriented Attacks
Browser Memory Safety
Google IFrame Isolation
Conclusion
Questions
Taught by
ACM CCS
Related Courses
Peeling the Onion's User Experience Layer - Examining Naturalistic Use of the Tor BrowserAssociation for Computing Machinery (ACM) via YouTube DeepCorr - Strong Flow Correlation Attacks on Tor Using Deep Learning
Association for Computing Machinery (ACM) via YouTube SandScout - Automatic Detection of Flaws in iOS Sandbox Profiles
Association for Computing Machinery (ACM) via YouTube Game of Decoys - Optimal Decoy Routing Through Game Theory
Association for Computing Machinery (ACM) via YouTube PREDATOR - Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration
Association for Computing Machinery (ACM) via YouTube