Talking to Strangers Without Taking Their Candy: Isolating Proxied Content

Adrienne Felt, Pieter Hooimeijer, David Evans, Westley Weimer.
First International Workshop on Social Network Systems, Glasgow, Scotland, April 2008. (PDF, 6 pages)

Abstract

Social networks are increasingly supporting external content integration with platforms such as OpenSocial and the Facebook API. These platforms let users embed third-party applications in their profiles and are a popular example of a mashup. Content integration is often accomplished by proxying the third-party content or importing third-party scripts. However, these methods introduce serious risks of user impersonation and data exposure. Modern browsers provide no mechanism to differentiate between trusted and untrusted embedded content. As a result, content providers are forced to trust third-party scripts or ensure user safety by means of server-side code sanitization. We demonstrate the difficulties of server-side code filtering — and the ramifications of its failure — with an example from the Facebook Platform. We then propose browser modifications that would distinguish between trusted and untrusted content and enforce their separation.

Paper

Full paper (6 pages): [PDF]

Links

The Facebook Chronicles (provides details on the cross-site scripting vulnerability described in Section 3 of the paper)

Related white paper: Adrienne Felt, Defacing Facebook: A Security Case Study [PDF], August 2007.

In a related project, we are also exploring Privacy Protection for Social Networking APIs.