Abstract
ActiveX is used to build reusable software components in Microsoft Windows. It is widely used by many Windows applications, such as Internet Explorer and Microsoft Office. As general-purpose components, ActiveX controls expose methods to applications, which may be used in ways unexpected by the ActiveX designer, leading to malicious activities. We call such misuse of ActiveX methods - ActiveX API misuse vulnerabilities. In this paper, we present a solution which identifies and prevents API misuse of ActiveX controls in Internet Explorer. We construct models to represent normal functionality of ActiveX methods, and identify ActiveX API misuse by identifying the methods that can reach dangerous (system) APIs. We then develop a technique for Internet Explorer to prevent the use of dangerous ActiveX methods. We evaluated our approach on six real-world ActiveX controls. We are able to identify and prevent ActiveX API misuse in these controls. Our approach is effective in detecting ActiveX API misuse and has negligible overhead for preventing attacks.
This work has been supported by a DRTech grant R-394-000-054-232.
Chapter PDF
Similar content being viewed by others
References
Luk, C., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V., Hazelwood, K.: Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. In: ACM SIGPLAN Conf. on Programming Language Design and Implementation, pp. 190–200 (2005)
Wu, Y., Yap, R., Ramnath, R.: Comprehending Module Dependencies and Sharing. In: ACM/IEEE Intl. Conf. on Software Engineering, pp. 89–98 (2010)
Dormann, W., Plakosh, D.: Vulnerability Detection in ActiveX Controls through Automated Fuzz Testing (2008), http://www.cert.org/archive/pdf/dranzer.pdf
Song, C., Zhuge, J., Han, X., Ye, Z.: Preventing Drive-by Download via Inter-Module Communication Monitoring. In: ACM Symp. on Information, Computer and Communications Security, pp. 124–134 (2010)
King, S., Chen, P.: Backtracking Intrusions. ACM Trans. on Computer Systems 23(1), 51–76 (2005)
Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J.: A Layered Architecture for Detecting Malicious Behaviors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 78–97. Springer, Heidelberg (2008)
Schneider, F.: Enforceable Security Policies. ACM Trans. on Information and System Security 3(1), 30–50 (2000)
Chen, H., Wagner, D.: MOPS: an Infrastructure for Examining Security Properties of Software. In: ACM Conf. on Computer and Communications Security, pp. 235–244 (2002)
Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated Generation and Analysis of Attack Graphs. In: IEEE Symp. on Security and Privacy, pp. 273–284 (2002)
Jha, S., Sheyner, O., Wing, J.: Two Formal Analyses of Attack Graphs. In: IEEE Computer Security Foundations Workshop, pp. 49–63 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Dai, T., Sathyanarayan, S., Yap, R.H.C., Liang, Z. (2012). Detecting and Preventing ActiveX API-Misuse Vulnerabilities in Internet Explorer. In: Chim, T.W., Yuen, T.H. (eds) Information and Communications Security. ICICS 2012. Lecture Notes in Computer Science, vol 7618. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34129-8_35
Download citation
DOI: https://doi.org/10.1007/978-3-642-34129-8_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-34128-1
Online ISBN: 978-3-642-34129-8
eBook Packages: Computer ScienceComputer Science (R0)