Web 2.0 – user-generated content, rich user interfaces and co-operative, dynamic services – has also brought with it a new and extremely virulent breed of ‘Malware 2.0’. A key motivation for this study is the link between Web 2.0 and the increase in ‘drive-by’ malware infections requiring no intervention or awareness on the part of the user. To give some idea of the threat posed, a ScanSafe report analysing malware trends found that risks from compromised websites increased 407% in the year to May 2008.

One of the most important sources of vulnerabilities in Web 2.0 is the inadequacy of access and authorisation frameworks used in Web 2.0 environments. In particular, this report highlights problems in policy frameworks governing the separation of control between web applications. These centre on the ‘same-origin’ policy, which sandboxes web applications coming from different domains, and the cases where this policy is either deliberately relaxed or circumvented for malicious purposes. Problems in access and authorisation frameworks often stem from the difficulty in finding a balance between allowing enough freedom for Web 2.0 applications to function and providing adequate security.

Web 2.0 has also brought a sea-change in the way knowledge and information are managed. One page contains content and even executable code from multiple sources including end-users, and information may be syndicated (eg, using RSS) and altered many times from its original source.

This means in particular that:
• The increased opportunities for contributing content also provide more opportunities to inject malicious code, leading to many vulnerabilities in the category of cross-site scripting, an important weakness exploited by Malware 2.0. This is exacerbated by very short development cycles and the fact that programmers often have little or no security training.
• Trust in information is more difficult to establish, making it easier to promote fraudulent information for criminal purposes (eg, distortion of stock prices in so-called ‘pump and dump’ schemes).

The vulnerabilities identified in this paper are extremely important because of the potential damage they cause through identity theft, extortion via botnets (we describe an attack where botnets are controlled via a Web 2.0 application), financial loss, loss of privacy and damage to reputation.

Technology can address many of the more immediate problems, but eliminating the more systemic risks requires a comprehensive approach to security involving people, process and technology. Some of the elements of such an approach include:
• Government policy – eg, secure development incentives such as lightweight certification schemes and the funding of pilot actions.
• Research – eg, usability of TLS/SSL, privacy-preserving means of establishing trust in information in Web 2.0 environments, and advanced JavaScript security models.
• Awareness-raising campaigns – eg, lifetime of data on the web, use of stronger authentication in certain Web 2.0 scenarios, and the ineffectiveness of age-verification and content-rating schemes in Web 2.0.
• Standardisation – eg, further development of existing access-control and authorisation frameworks to provide improved security, and standards for privacy-preserving establishment of information provenance and pedigree.
