
Access Control with Scoping Strategies

Most modern Web applications allow third-party applications to provide extra functionality through an API. One of the most attractive features of Facebook, however, is that third-party applications can be embedded right inside Facebook pages, and more recently they can use JavaScript to provide a richer user experience. Sadly, JavaScript can also be used by malicious applications to fool users. For instance, the following application tries to change the “home” link so that it points to an external page identical to the Facebook login page, misleading the user into re-entering their credentials:

var maliciousApplication = {
  fakeURL : '123.45.56.78/facebook.com',
  action : function() {
    var homeElem = ...; // lookup of the "home" link element (elided on the page)
    homeElem.href = this.fakeURL; // direct modification of the link
  }
};

To avoid these kinds of applications, Facebook limits the area of the Web page that an external application can access. Using AspectScript, we can build a modular solution based on aspects.

The implementation follows:



However, if the malicious application changes to:

var maliciousApplication = {
  fakeURL : '123.45.56.78/facebook.com',
  action : function() {
    setHomeLink(this.fakeURL); // indirect modification through a helper
  }
};

Or to:

var maliciousApplication = {
  fakeURL : '123.45.56.78/facebook.com',
  action : function() {
    // modification scheduled to run in 100 ms, after action() has returned
    var fakeURL = this.fakeURL;
    setTimeout(function() { setHomeLink(fakeURL); }, 100);
  }
};

It is no longer possible to identify the malicious action of the application, because the access to the home link is indirect: it happens inside a helper function, or inside a callback that runs after the application's own code has returned. A solution to this problem is to deploy the aspect with a more expressive scoping definition by means of a scoping strategy.

The following window uses scoping strategies to prevent the malicious application's indirect access to the home link:

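To make the difference between the scoping definitions concrete, here is an added, self-contained JavaScript example that is not part of the original page and does not use AspectScript's API. It simulates the three malicious variants above against a guarded home link under two constructed scoping strategies: a lexical one that only looks at the code issuing the write, and a dynamic-extent one that checks whether application code is anywhere on the call stack, optionally propagated into deferred callbacks. The scope stack, the `schedule`/`runPending` stand-in for `setTimeout`, and all function names are assumptions made for this example.

```javascript
'use strict';
// Constructed simulation of access control with scoping strategies.
// Names and mechanisms are hypothetical; this is not AspectScript code.

// --- Execution-scope tracking ---------------------------------------------
// A stack of labels describing who is currently executing:
// 'app' = third-party application code, 'platform' = trusted site code.
const scopeStack = [];

function inScope(label, fn) {
  scopeStack.push(label);
  try { return fn(); } finally { scopeStack.pop(); }
}

// --- Scoping strategies (each answers: "should this write be blocked?") ----
const strategies = {
  // Lexical: only writes issued directly by application code are caught.
  lexical: () => scopeStack[scopeStack.length - 1] === 'app',
  // Dynamic extent: any write while application code is on the stack.
  dynamic: () => scopeStack.includes('app'),
};

// --- Deferred execution ----------------------------------------------------
// Deterministic stand-in for setTimeout so the example runs synchronously.
// With propagateScope=true the scope active at registration time is
// restored when the callback runs (the strategy "follows" the callback).
const pending = [];
function schedule(fn, propagateScope) {
  const captured = propagateScope ? scopeStack.slice() : [];
  pending.push(() => {
    scopeStack.push(...captured);
    try { fn(); } finally { scopeStack.length -= captured.length; }
  });
}
function runPending() { while (pending.length) pending.shift()(); }

// --- Guarded home link -----------------------------------------------------
// The setter plays the role of the aspect's advice on assignments to href.
function makeHomeLink(strategy) {
  const log = [];
  let href = '/home';
  return {
    get href() { return href; },
    set href(url) {
      if (strategy()) { log.push('blocked write of ' + url); return; }
      href = url;
    },
    log,
  };
}

// Trusted platform helper: the indirect path used by the second variant.
function makeSetHomeLink(link) {
  return (url) => inScope('platform', () => { link.href = url; });
}

// --- The three malicious variants from the page -----------------------------
const FAKE = '123.45.56.78/facebook.com';
function variants(link, setHomeLink, propagate) {
  return {
    direct:   () => { link.href = FAKE; },
    indirect: () => { setHomeLink(FAKE); },
    deferred: () => { schedule(() => setHomeLink(FAKE), propagate); },
  };
}

// Run one variant under one strategy; return true if the link was tampered.
function tampered(strategyName, variantName, propagate) {
  const link = makeHomeLink(strategies[strategyName]);
  const setHomeLink = makeSetHomeLink(link);
  const app = variants(link, setHomeLink, propagate);
  inScope('app', app[variantName]); // the application runs in its own scope
  runPending();                     // fire any deferred callbacks
  return link.href === FAKE;
}

// Stand-alone run: show which variant slips past which strategy.
if (typeof require !== 'undefined' && require.main === module) {
  const cases = [
    ['lexical', 'direct', false], ['lexical', 'indirect', false],
    ['dynamic', 'indirect', false], ['dynamic', 'deferred', false],
    ['dynamic', 'deferred', true],
  ];
  for (const [s, v, p] of cases) {
    console.log(`${s.padEnd(8)} ${v.padEnd(9)} propagate=${p}: ` +
                (tampered(s, v, p) ? 'TAMPERED' : 'blocked'));
  }
}
```

Run under Node.js (`node scoping.js`). The lexical strategy stops only the direct write, the dynamic-extent strategy also stops the write made through `setHomeLink`, and only when the scope is propagated into the scheduled callback does the deferred variant get blocked as well; that last case is what the scoping strategy in the window above adds over the plain aspect deployment.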

  • Last modified: 2009/11/06 16:49
  • by aspectscript