Residue objects

Shuo Chen, Hong Chen, Manuel Caballero
2010 Proceedings of the 5th European conference on Computer systems - EuroSys '10  
A complex software system typically has a large number of objects in the memory, holding references to each other to implement an object model. Deciding when the objects should be alive/active is non-trivial, but the decisions can be security-critical. This is especially true for web browsers: if certain browser objects do not disappear when the new page is switched in, basic security properties can be compromised, such as visual integrity, document integrity and memory safety. We refer to
more » ... browser objects as residue objects. Serious security vulnerabilities due to residue objects have been sporadically discovered in leading browser products in the past, such as IE, Firefox and Safari. However, this class of vulnerabilities has not been studied in the research literature. Our work is motivated by two questions: (1) what are the challenges imposed by residue objects on the browser's logic correctness; (2) how prevalent can these vulnerabilities be in today's commodity browsers. As an example, we analyze the mechanisms for guarding residue objects in Internet Explorer (IE), and use an enumerative approach to expose and understand new vulnerabilities. Although only the native HTML engine is studied so far, we have already discovered five new vulnerabilities and reported them to IE developers (one of the vulnerabilities has been patched in a Microsoft security update). These vulnerabilities demonstrate a diversity of logic errors in the browser code. Moreover, our study empirically suggests that the actual prevalence of this type of vulnerabilities can be higher than what is perceived today. We also discuss how the browser industry should respond to this class of security problems.
doi:10.1145/1755913.1755942 dblp:conf/eurosys/ChenCC10 fatcat:344hqgejwjbl7fz6o3ps5oc7xu