WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring
This addresses security vulnerabilities in web protocols for web application developers and users, offering a novel method to detect and fix implementation bugs and attacks.
The paper tackles the problem of web protocol security by introducing WPSE, a browser-side security monitor that ensures compliance with protocol flows and protects confidentiality and integrity, identifying security flaws in 61.1% of tested websites and preventing novel attacks like one on Google's SAML 2.0 implementation.
We present WPSE, a browser-side security monitor for web protocols designed to ensure compliance with the intended protocol flow, as well as confidentiality and integrity properties of messages. We formally prove that WPSE is expressive enough to protect web applications from a wide range of protocol implementation bugs and web attacks. We discuss concrete examples of attacks which can be prevented by WPSE on OAuth 2.0 and SAML 2.0, including a novel attack on the Google implementation of SAML 2.0 which we discovered by formalizing the protocol specification in WPSE. Moreover, we use WPSE to carry out an extensive experimental evaluation of OAuth 2.0 in the wild. Out of 90 tested websites, we identify security flaws in 55 websites (61.1%), including new critical vulnerabilities introduced by tracking libraries such as Facebook Pixel, all of which fixable by WPSE. Finally, we show that WPSE works flawlessly on 83 websites (92.2%), with the 7 compatibility issues being caused by custom implementations deviating from the OAuth 2.0 specification, one of which introducing a critical vulnerability.