Malware Attacker:
Attacker escapes browser isolation mechanisms and runs separately under control of the OS
Browsers may contain exploitable bugs
often enable remote code execution by a web site
even if browsers were bug-free, there would still be lots of vulnerabilities on the web
XSS, SQLi, CSRF, …
Web Threat Models
Malware Attacker, Network Attacker, Web Attacker
Basic Execution Model
1. Loads content
2. Renders
Processes HTML and scripts to display the page. May involve images, subframes, etc.
3. Responds to events
Frame Security
windows may contain frames from different sources
Frame: rigid division as part of a frameset
iFrame: floating inline frame
readCookie, writeCookie
Browsing Context
-A frame with its DOM
-A web worker, which does not have a DOM
Modern structuring mechanisms
-HTML5 iframe sandbox
-content security policy
-cross-origin resource sharing
-HTML5 web workers
-subresource integrity