The "Web/Local" Boundary Is Fuzzy - A Security Study of Chrome's Process-based Sandboxing
Association for Computing Machinery (ACM) via YouTube
Overview
Explore a security study on Chrome's process-based sandboxing presented at the 23rd ACM Conference on Computer and Communications Security. Delve into the fuzzy boundary between web and local content, examining concrete attacks, Same-Origin Policies (SOPs), memory partitioning, and browser memory safety. Learn about fingerprinting techniques, data-oriented attacks, and Google's IFrame isolation. Gain insights from researchers at the National University of Singapore and Microsoft Research as they discuss the implications of these security vulnerabilities and potential solutions. Conclude with a Q&A session to further understand the complexities of web browser security.
Syllabus
Introduction
WebLocal Boundary
Fuzzy WebLocal Boundary
Concrete Attacks
SOPs
Can we skip SOPs
Memory Partitioning
Fingerprinting
DataOriented Attacks
Browser Memory Safety
Google IFrame Isolation
Conclusion
Questions
Taught by
ACM CCS