Detecting and preventing activex API-Misuse vulnerabilities in internet explorer

Authors:
Ting Dai;Sai Sathyanarayan;Roland H. C. Yap;Zhenkai Liang
Affiliations:
School of Computing, National University of Singapore, Singapore;School of Computing, National University of Singapore, Singapore;School of Computing, National University of Singapore, Singapore;School of Computing, National University of Singapore, Singapore
Venue:
ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Year:
2012

Citing 9
Cited 0

Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
MOPS: an infrastructure for examining security properties of software

Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analys s of Attack Graphs

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Backtracking intrusions

ACM Transactions on Computer Systems (TOCS)
Pin: building customized program analysis tools with dynamic instrumentation

Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
A Layered Architecture for Detecting Malicious Behaviors

RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Preventing drive-by download via inter-module communication monitoring

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Comprehending module dependencies and sharing

Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2

Quantified Score

Hi-index	0.00

Visualization

Abstract

ActiveX is used to build reusable software components in Microsoft Windows. It is widely used by many Windows applications, such as Internet Explorer and Microsoft Office. As general-purpose components, ActiveX controls expose methods to applications, which may be used in ways unexpected by the ActiveX designer, leading to malicious activities. We call such misuse of ActiveX methods - ActiveX API misuse vulnerabilities. In this paper, we present a solution which identifies and prevents API misuse of ActiveX controls in Internet Explorer. We construct models to represent normal functionality of ActiveX methods, and identify ActiveX API misuse by identifying the methods that can reach dangerous (system) APIs. We then develop a technique for Internet Explorer to prevent the use of dangerous ActiveX methods. We evaluated our approach on six real-world ActiveX controls. We are able to identify and prevent ActiveX API misuse in these controls. Our approach is effective in detecting ActiveX API misuse and has negligible overhead for preventing attacks.