The Document Object Model is defined by the W3C as:
“The Document Object Model is a platform- and language-neutral interface that will allow programs and scripts to dynamically access and update the content, structure and style of documents. The document can be further processed and the results of that processing can be incorporated back into the presented page. This is an overview of DOM-related materials here at W3C and around the web.”(W3C)i
The DOM is a form of advanced programmer interface (API), designed to allow web-developers access to fuctions and objects within the page via javascript. This allows the flexible creation and update of page and site elements in manners that most programmers would already understand. Since the DOM uses Javascript; it is executed within the Client Browser, it may also be executed by any language including but not limited to VBScript, C#, ASP.NET et cetera, ad nosium.(W3Schools)ii Since the DOM Model is Platform independent it may be manipulated by any script.
Funcitonality vs Security the Balance
The functionality of any API is always inversly proportional to the securty of that API. (Reguly)iii(Howard)iv
Exploits
The primary type and most common type of DOM Exploit involes a type callsed XSS or Cross Site Scripting. The one type specific to the DOM would be a Local XSS Attack as defined by Klien.(Klien)v
The secondary type of DOM is the good old Bufer Overflow.(Wikipedia)vi; Since all new browsers must be DOM compliant to function, the browser must allow the execution and use of DOM methods. This open's a potential attack vector to malicious code via the code arbitrating and then overrunning a given variables memory buffer; Since the most common browser on the internet is Internet Explorer there have been many DOM related buffer overflows but I will provide one here. (Microsoft)vii
Each Browser on every platform has had one buffer overflow at one time or anohter they arise as a risk when the memory of a called object is not properly recovered or allocated during said objects instantiation. Since on most microsoft platforms the brower is running under the local users identity (which usually has administrative rights to the machine) if a buffer overflow does occur and is successful it results in the ability for the producer of said malicious code to execute arbitrary code with administrative privlages. In hacking cricles this is called “Owning” the box. Once a box has been “Owned” it may be used as a remote spam server, zombie box for DDOS or DOS attackes, or Identity theft or for whatever nefarious purposes the malicious code wirter intended.
There is also “ClickJacking” however it's a derivative of Cross Site scripting, primaraly used to bankrupt advertizing budgets of various competitiors to improve one's own ad ranks within search engine powered keyword systems.
Mitigations
To achieve any security one must limite the type and function of object calls and implment systems with features such as Automated Memory Management & Verifacation, (Stallings)viii another method used to mitigate buffer overflows is random order library loading on the operating sytems startup.(OpenBSD)ix Although the primary and best method to protect agains XSS and Buffer overflow attackes is to disable Scripting alltogether, requireing the user to verify weather or not the site maintains valid code. (Gorgio)x The only alternative to this would be to implment dynamic online content validation as mentioned by Helfin et all.(Helfin et All.)xi Were all contenet has a 3rd party encrypted checksum with integrated public keys thus leveradging the cryptographic systems checksumming methods ot certify content.
in.a. (W3C, January 19th 2005) Document Object Model [Online] World Wide Web, Available from: http://www.w3.org/DOM/ (Accessed on June 25th 2009)
iin.a. (W3Schools, n.d.) JavaScript HTML DOM Objects [Online] World Wide Web, Available frrom: http://www.w3schools.com/js/js_obj_htmldom.asp (Accessed on: June 25th 2009)
iiiRugley, Tyler (360 Security Ncircle, March 11th 2009) Functionality vs Security Who Wins? [Online] World Wide Web, Available from: http://blog.ncircle.com/blogs/vert/archives/2009/03/functionality_versus_security.html (Accessed on: June 25th 2009)
ivHoward, Michael (Microsoft, March 2007) Security Development Lifecycle (SDL) Banned Function Calls [Online] World Wide Web, Available from: http://msdn.microsoft.com/en-us/library/bb288454.aspx (Accessed on June 25th 2009)
vKlein, Amit (Web applications Security Consortium, April 7th 2005) DOM Based Cross Site Scripting of the Third Kind [Online] World Wide Web, Available from: http://www.webappsec.org/projects/articles/071105.shtml (Accessed on June 25th 2009)
vin.a. (Wikipedia, June 19th 2009) Buffer Overflow [Online] World Wide Web, Available from: http://en.wikipedia.org/wiki/Buffer_overflow (Accessed on June 25th 2009)
viin.a. (Microsoft, December 13th 2005) Microsoft Security Buillitn MS05-054 KBID 905915 [Online] World Wide Web, available from: http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx (Accessed on June 25th 2009)
viiiWilliam Stallings, (Prentice Hall, 2008) Operating Systems 6th ed. Section 7.5 Security Issues P331. [Online] World Wide Web, Available from: http://books.google.ca/books?id=dBQFXs5NPEYC&pg=PA331&lpg=PA331&dq=Memory+Management+Security&source=bl&ots=CtpS0WeuF8&sig=ws4AjP5HPHEPQ9DHx1X2oxfkSZs&hl=en&ei=h3FFSuLGO4WEtwf-8OCVBg&sa=X&oi=book_result&ct=result&resnum=4 (Accessed on June 25th 2009)
ixn.a. (OpenBSD Foundation, October 3rd 2006) OpenBSD 3.4 Release Notes [Online] World Wide Web, Available from: http://www.openbsd.org/34.html (Accessed on June 25th 2009)
xMaone, Gorgio (Noscript, n.d.) NoScript Project Home page [Online] World Wide Web, available from: http://noscript.net/ (Accessed on June 25th 2009)
xiHelfin, J; Handler, J; (Maryland University, IEEE, March 4th 2004) Intellegent Systems Volume 16 Issue 2, A portrat of the Semantic web in action [Online] PDF Document, Available from: http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=920600 (Accessed on June 25th 2009)