SS'08 Proceedings of the 17th conference on Security symposium
Hi-index | 0.00 |
Drive-by downloads, which result in the unauthorized installation of code through the browser and into the victim host, have become one of the dominant means through which mass infections now occur. We present BLADE (B lock A ll D rive-by download E xploits), a browserindependent system that seeks to eliminate the drive-by threat. BLADE prudently assumes that the legitimate download of any executable must result from explicit user consent. BLADE transparently redirects every browser download into a non-executable safe zone on disk, unless it is associated with a programmatically inferred user-consent event. BLADE thwarts the necessary underlying transaction on which all drive-by downloads rely, therefore it requires no prior knowledge of the exploit methods, and is not subject to circumvention by obfuscations or zero-day threats.