Document details

Morphing Web Pages to Preclude Web Page Tampering Threats

Author(s): Luís Pedro Borges Abreu

Date: 2016

Origin: Repositório Aberto da Universidade do Porto

Subject(s): Engenharia electrotécnica, electrónica e informática; Electrical engineering, Electronic engineering, Information engineering


Description

The number of Internet users keeps growing every year. Moreover, the Internet is becoming a daily tool that impacts individuals' lives, used either as a work tool or for entertainment purposes. However, by using it, people become possible targets for cyber attacks as they keep exchanging data, sometimes sensitive and private data, with remote servers.

Among all the different attack types, MitB (Man-in-the-Browser) is the reason behind the genesis of this thesis subject. MitB attacks are performed by a computer program running on the user's computer, commonly known as malware, which has access to what happens inside a browser window. It can be a system library or even a browser extension programmed to automatically misrepresent the source code of the client-side server response and other information stored in the user's browser. Such malware relies on markup and DOM anchors to identify sections of a web page to attack. The end result of an attack will be dictated by the malware's ability to successfully identify the right location on the web page to perform the attack.

Polymorphism is a broad concept that can be applied to web pages as a tool to both neutralize and defeat this kind of attack, as documented by Shape Security, Inc. in 2014. By applying polymorphic techniques to web pages, the server response will be textually different between requests, but the visual display to the user will always be the same. That is, the values of static attributes and the structure of HTML documents may be modified on the server immediately before responses are sent off, creating a polymorphic version of the web page, or by pre-building these new versions on the server to decrease the real-time computational costs. Therefore, no two HTML documents will be textually the same, turning web pages into something of a moving target against MitB attacks.

This level of protection is necessary since all changes are made locally, on the client side, which makes them difficult to detect for the control and security structures implemented on the service provider's servers.

In this thesis, we aim to develop a tool based on polymorphism to protect web pages and users from MitB attacks based on markup and DOM anchors. This tool will be evaluated by accuracy and efficiency. The first metric will be evaluated by recording and comparing the list of errors and warnings generated by original web pages and by their polymorphic versions created with our tool. The efficiency will be evaluated by running automated attempts at tampering with web pages protected by our tool.
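
A minimal sketch of the attribute-renaming idea described above, added here as an illustration and not taken from the thesis or its tool: each response gets fresh random `id`/`class` values, applied consistently to the markup and to simple selectors in inline `<style>` blocks. The sample page, the function names `morph` and `restore`, and the regex-based parsing (double-quoted attributes, flat CSS rules with plain id/class selectors) are assumptions of this example.

```python
import re
import secrets

# Constructed sample page: a login form with stable id/class anchors.
SAMPLE = """<html><head><style>
#login-form { margin: 1em; }
.field { display: block; }
</style></head><body>
<form id="login-form" class="box">
<label for="user" class="field">User</label>
<input id="user" class="field wide" type="text">
</form></body></html>"""

ATTR = re.compile(r'(?<![\w-])(id|class|for)="([^"]*)"')
STYLE = re.compile(r'(<style[^>]*>)(.*?)(</style>)', re.S)
RULE = re.compile(r'([^{}]+)(\{[^{}]*\})')  # selector list, then declarations
SELECTOR = re.compile(r'([#.])(-?[A-Za-z_][\w-]*)')


def morph(html):
    """Return (polymorphic_html, mapping); the mapping is fresh for every call."""
    mapping = {}

    def fresh(name):
        # One random token per original name, reused across this response.
        if name not in mapping:
            mapping[name] = "m" + secrets.token_hex(6)
        return mapping[name]

    def rewrite_attr(m):
        return '%s="%s"' % (m.group(1), " ".join(fresh(t) for t in m.group(2).split()))

    def rewrite_rule(m):
        # Rename only in the selector, so values such as "#fff" stay untouched.
        return SELECTOR.sub(lambda s: s.group(1) + fresh(s.group(2)), m.group(1)) + m.group(2)

    def rewrite_style(m):
        return m.group(1) + RULE.sub(rewrite_rule, m.group(2)) + m.group(3)

    return STYLE.sub(rewrite_style, ATTR.sub(rewrite_attr, html)), mapping


def restore(html, mapping):
    """Server-side inverse: map the random tokens back to the original names."""
    for name, token in mapping.items():
        html = html.replace(token, name)
    return html
```

Two calls to `morph(SAMPLE)` return textually different documents that differ only by a consistent renaming, which `restore` undoes with the per-response mapping.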

Document Type: Master thesis

Language: English