Context-Sensitive Auto-Sanitization in Web Templating Languages Using Type Qualifiers
In Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2011
@InProceedings{saxena10kudzu,
  author    = {Mike Samuel and Prateek Saxena and Dawn Song},
  title     = {Context-Sensitive Auto-Sanitization in Web Templating Languages Using Type Qualifiers},
  booktitle = {Proceedings of the ACM Conference on Computer and Communications Security (CCS)},
  year      = {2011}
}
Abstract
Scripting vulnerabilities, such as cross-site scripting (XSS), plague web applications today. Most research on defense techniques has focused on securing existing legacy applications written in general-purpose languages, such as Java and PHP. However, recent and emerging applications have widely adopted web templating frameworks that have received little attention in research. Web templating frameworks offer an ideal opportunity to ensure safety against scripting attacks by secure construction, but most of today's frameworks fall short of achieving this goal. We propose a principled type-qualifier based mechanism that can be bolted onto existing web templating frameworks. Our solution permits rich expressiveness in the templating language while achieving backwards compatibility, performance and formal security through a context-sensitive auto-sanitization (CSAS) engine. To demonstrate its practicality, we implement our mechanism in Google Closure Templates, a commercially used open-source templating framework that is used in GMail, Google Docs and other applications. Our approach is fast, precise and retrofits to existing commercially deployed template code without requiring any changes or annotations.
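As an added illustration (not code from the paper or from Closure Templates), the sketch below shows the CSAS idea in miniature: a tracker infers the HTML context of each `{$hole}` from the static template text around it, and the renderer picks the escaper for that context instead of applying one fixed escaper everywhere. The context set, the scheme allow-list, the `about:invalid` sentinel and the sample template are simplifications constructed here.

```python
import html, json, re
PLACEHOLDER = re.compile(r"\{\$(\w+)\}")  # Closure-style {$name} holes

def advance(ctx, static):
    """Scan static template text and return (state, detail) at its end; detail is the pending-<script> flag in TAG or the open quote in JS_STR."""
    state, detail = ctx
    for i, c in enumerate(static):
        rest = static[i:].lower()
        if state == "PCDATA" and c == "<":
            state, detail = "TAG", rest.startswith("<script")
        elif state == "TAG" and c == ">":
            state, detail = ("JS" if detail else "PCDATA"), None
        elif state == "TAG" and c == '"':  # opening a quoted attribute value
            m = re.search(r"(\w+)\s*=\s*$", static[:i])
            state = "URL" if m and m.group(1).lower() in ("href", "src") else "ATTR"
        elif state in ("ATTR", "URL") and c == '"':
            state = "TAG"
        elif state == "JS" and rest.startswith("</script"):
            state = "PCDATA"  # the rest of the close tag is inert in PCDATA
        elif state == "JS" and c in "'\"":
            state, detail = "JS_STR", c
        elif state == "JS_STR" and c == detail:
            state, detail = "JS", None
    return state, detail

def sanitize(value, state):
    """Pick the escaper from the hole's context (the CSAS idea, much simplified)."""
    if state in ("PCDATA", "ATTR"):
        return html.escape(value, quote=True)
    if state == "URL":  # whole-URL attribute: reject unsafe schemes, then attribute-escape
        low = re.sub(r"[\x00-\x20]", "", value.lower())
        if re.match(r"[a-z][a-z0-9+.-]*:", low) and not low.startswith(("http:", "https:", "mailto:")):
            value = "about:invalid"  # constructed sentinel for a rejected URL
        return html.escape(value, quote=True)
    if state == "JS_STR":  # quoted JS string: escape so the value cannot end the string or the script
        return json.dumps(value)[1:-1].replace("'", "\\u0027").replace("<", "\\u003c")
    raise ValueError(f"no safe sanitizer for context {state}")  # e.g. bare JS or attribute-name position

def render(template, values):
    """Context-sensitive rendering: each hole is escaped for the context it lands in."""
    out, ctx, pos = [], ("PCDATA", None), 0
    for m in PLACEHOLDER.finditer(template):
        ctx = advance(ctx, template[pos:m.start()])
        out.append(template[pos:m.start()] + sanitize(str(values[m.group(1)]), ctx[0]))
        pos = m.end()
    return "".join(out) + template[pos:]

# Constructed template and untrusted values for the demo (not taken from the paper).
TEMPLATE = '<a href="{$url}">{$name}</a><script>var who = \'{$name}\';</script>'
SAMPLE = {"url": "javascript:alert(1)", "name": "O'Neil </script>"}
```

A context-insensitive engine that HTML-escapes every hole would emit `href="javascript:alert(1)"` unchanged, because HTML escaping leaves that string alone; it is the URL context that makes the renderer reject it.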
Source Code and Related Links
Google Closure Templates now has an implementation of the primitive called contextual (or context-sensitive) auto-sanitization. There are other related implementations of contextual auto-sanitization presently underway.