[9-1]Security and privacy implications of the multi-component nature of Software-as-a-Service
Date:2011-08-30
Title: Security and privacy implications of the multi-component nature of Software-as-a-Service
Speaker: Dr. Shuo Chen, Microsoft Research Redmond
Time: 3:00pm, September 1st (Thursday), 2011.
Venue: Lecture Room, Level 3, Building No. 5, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences
Abstract:
The essence of Software-as-a-Service is that an application is distributed between a browser and one-or-more web servers, which is a multi-component system across the Internet. In this talk, I will discuss two of our recent papers, showing that the web industry needs more disciplined programming practices to deal with security and privacy challenges due to the multi-component nature. The first paper (to appear in Oakland’11) is about logic bugs in web service integrations. Specifically, we studied merchant websites that accept payments through third-party cashiers (e.g., PayPal, Amazon Payments and Google Checkout). We found that leading merchant applications and popular online stores contain serious logic flaws that allow a malicious shopper to purchase at an arbitrarily low price, shop for free after paying for one item, or even avoid payment. We reported these bugs to developers. Most of them have been fixed. Besides bug finding, we used a verification tool to study the complexity of a representative merchant logic. The second paper (in Oakland’10) shows that, despite encryption, side-channel leaks are a realistic and serious threat to user privacy. We found that surprisingly detailed sensitive information is being leaked out from a number of high-profile web applications in healthcare, taxation, investment and web search: an eavesdropper can infer the illnesses/medications/surgeries of the user, her family income and investment secrets, despite HTTPS protection; a stranger on the street can glean enterprise employees' web search queries, despite WPA/WPA2 Wi-Fi encryption. The root causes of the problem are some fundamental characteristics of web 2.0 applications: stateful communication, low entropy input, and significant traffic distinctions. We further conducted an analysis to demonstrate the challenges of mitigating such a threat. The URLs of the two papers are:
http://research.microsoft.com/pubs/145858/caas-oakland-final.pdf
http://research.microsoft.com/pubs/119060/WebAppSideChannel-final.pdf
Bio:
Shuo Chen is a researcher at Microsoft Research Redmond. His current research focus is on system security and privacy. He likes to study real-world operational systems to understand their security challenges and flaws. His recent projects include browser security, web privacy/security and memory-based security problems. He frequently serves on the program committees for the Oakland Conference,ACM CCS, WWW, etc。Shuo obtained his Ph.D. degree in computer science under the guidance of Prof. Ravi Iyer from University of Illinois at Urbana-Champaign. He obtained his master's and bachelor's degree from Tsinghua University and Peking University, both in computer science.