from e to ecmascript and back again
play

From E to EcmaScript and back again Mark S. Miller and the - PowerPoint PPT Presentation

Sep 10, 2022 •763 likes •1.49k views

From E to EcmaScript and back again Mark S. Miller and the Cajadores Overview Object-Capabilities Security as extreme modularity Securing JavaScript Why and How? E Caja ES5 SES Dr. SES Patterns of Safe Cooperation In

  1. From E to EcmaScript and back again Mark S. Miller and the Cajadores

  2. Overview Object-Capabilities Security as extreme modularity Securing JavaScript – Why and How? E  Caja  ES5  SES  Dr. SES Patterns of Safe Cooperation In Secure EcmaScript (SES) Distributed Cryptographic Capabilities In Distributed Resilient Secure EcmaScript (Dr. SES)

  3. Security as Extreme Modularity Modularity: Avoid needless dependencies Security: Avoid needless vulnerabilities Vulnerability is a form of dependency Mod: Principle of info hiding - need to know. Sec: Principle of least authority - need to do.

  4. How do I designate thee? by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions How might object Bob come to know of object Carol?

  5. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  6. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  7. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  8. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  9. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  10. How do I designate thee? Bob says : var carol = { ... }; by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  11. How do I designate thee? Alice says : var bob = { ... carol ... }; by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  12. How do I designate thee? At t 0 : by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  13. OCaps: Small step from pure objects Memory safety and encapsulation + Effects only by using held references + No powerful references by default

  14. OCaps: Small step from pure objects Memory safety and encapsulation + Effects only by using held references + No powerful references by default Reference graph ≡ Access graph Only connectivity begets connectivity Natural Least Authority OO expressiveness for security patterns

  15. The Mashup problem: Code as Media <html> <head> <title>Basic Mashup</title> <script> function animate ( id ) { var element = document.getElementById(id); var textNode = element.childNodes[0]; var text = textNode.data; var reverse = false; element.onclick = function() { reverse = !reverse; }; setInterval(function() { textNode.data = text = reverse ? text.substring(1) + text[0] : text[text.length-1] + text.substring(0, text.length-1); }, 100); } </script> </head> <body onload="animate('target')"> <pre id="target">Hello Programmable World! </pre> </body> </html>

  19. Improving JavaScript in Stages EcmaScript 3: One of the hardest oo languages to secure. Caja: Complex server-side translator. Runtime overhead. EcmaScript 5: One of the easiest oo languages to secure. <script src=“initSES.js”></script> Simple client-side init and verifier. No runtime overhead. Approx 3K download compressed.

  20. Objects as Closures makeCounter function makeCounter () { var count = 0; incr incr return { incr incr incr incr incr: function() { return ++count; }, count decr: function() { return –count; } count count }; decr decr decr decr } decr decr

  21. Objects as Closures makeCounter function makeCounter () { var count = 0; incr incr return { incr incr incr incr incr: function() { return ++count; }, count decr: function() { return –count; } count count }; decr decr decr decr } decr decr A record of closures hiding state is a fine representation of an object of methods hiding instance vars

  22. Objects as Closures in ES5/strict “use strict”; makeCounter function makeCounter () { var count = 0; incr incr return def( { incr incr incr incr incr: function() { return ++count; }, count decr: function() { return –count; } count count }); decr decr decr decr } decr decr A tamper-proof record of lexical closures encapsulating state is a defensive object

  23. Turning ES5 into SES <script src=“initSES.js”></script> Monkey patch away bad non-std behaviors Remove non-whitelisted primordials Install leaky WeakMap emulation Make virtual global root Freeze whitelisted global variables • Replace eval & Function with safe alternatives • Freeze accessible primordials

  24. Running ES5 & SES on old browsers

  25. Future objects on old browsers

  26. Revocable Function Forwarder function makeFnCaretaker ( target ) { makeCaretaker return def({ wrapper: function(…args) { revoke revoke revoke revoke wrapper wrapper wrapper wrapper revoke revoke revoke revoke wrapper wrapper wrapper wrapper revoke revoke revoke revoke wrapper wrapper wrapper wrapper return target(…args); }, target target target target target target revoke: function() { target = null; } }); }

  27. Unconditional Access Alice says: Alice Bob foo bob.foo(carol); Grants Bob full access to Carol forever Carol

  28. Revocability ≡ Temporal attenuation Alice says: Alice Bob foo var ct = makeCaretaker(carol); bob.foo(ct.wrapper); revoke revoke wrapper wrapper target Carol

  29. Revocability ≡ Temporal attenuation Alice says: Alice Bob var ct = makeCaretaker(carol); bob.foo(ct.wrapper); //… revoke revoke wrapper wrapper target Carol

  30. Revocability ≡ Temporal attenuation Alice says: Alice Bob var ct = makeCaretaker(carol); bob.foo(ct.wrapper); //… revoke revoke wrapper wrapper ct.revoke(); target Carol

  31. Revocability ≡ Temporal attenuation Alice says: Alice Bob var ct = makeCaretaker(carol); bob.foo(ct.wrapper); //… revoke revoke wrapper wrapper ct.revoke(); target Carol

  32. Attenuators ≡ Access Abstractions Alice says: Alice Bob foo var ct = makeCaretaker(carol); bob.foo(ct.wrapper); Express security policy by the behavior of the objects you provide Carol

  33. Abstractions extend vocabulary Primitives Abstraction Forms Extended Vocabulary procedural abstraction +, ., [] foo(bar, baz), … data abstraction int, struct, array Point, Window, … control abstraction if, while, switch addListener, … points-to access abstraction caretaker, membrane, …

  34. Membranes: Transitive Interposition Alice Bob function makeFnMembrane ( target ) { var enabled = true; function wrap ( wrapped ) { if (wrapped !== Object(wrapped)) { return wrapped; Dave } return function(… args ) { if (!enabled) { throw new Error(“revoked”); } return wrap(wrapped(…args.map(wrap)); } } return def({ wrapper: wrap(target), Carol revoke: function() { enabled = false; } }); }

  35. Attenuators Compose function makeROFile ( file ) { return def({ read: file.read, getLength: file.getLength }); } var rorFile = makeROFile(revocableFile);

  36. No powerful references by default Alice says: Alice Bob var bobSrc = //site B bob var carolSrc = //site C var bob = eval (bobSrc); Carol var carol = eval (carolSrc); carol

  37. No powerful references by default Alice says: Alice Bob var bobSrc = //site B bob var carolSrc = //site C var bob = eval (bobSrc); Carol var carol = eval (carolSrc); carol Bob and Carol are confined . Only Alice controls how they can interact or get more connected.

  38. No powerful references by default Alice says: Alice bob Bob carol Carol

  39. Only connectivity begets connectivity Alice says: bob Bob var counter = makeCounter(); counter incr incr bob(counter.incr); carol(counter.decr); carol count count Carol count bob = carol = null; decr decr

  40. Only connectivity begets connectivity Alice says: bob Bob var counter = makeCounter(); counter incr incr bob(counter.incr); carol(counter.decr); carol count count Carol count bob = carol = null; decr decr Bob can only count up and see result. Carol only down. Alice can only do both.

  41. Membrane eval → compartment var compartment = makeMembrane(eval); var vbob = compartment.wrapper(bobSrc); Bob Alice

  42. Membrane eval → compartment var compartment = makeMembrane(eval); var vbob = compartment.wrapper(bobSrc); //… Bob Alice

  43. Membrane eval → compartment var compartment = makeMembrane(eval); var vbob = compartment.wrapper(bobSrc); //… compartment.revoke(); Bob Alice GC

  44. Composing Authority +? Usually intersection

  45. Rights Amplification ≥ + + Authority conditional on other possessions. Enables more expressive power.

  46. Rights Amplification function makeBrand () { Alice Bob foo var amp = WeakMap(); return def({ seal: function( payload ) { var box = def({}); amp.set(box, payload); makeBrand return box; }, seal unseal seal unseal unseal: function( box ) { amp amp box return amp.get(box); box box } payload payload payload }); }

Recommend

ADVANCED JS &amp; CSS flexb ox ES6 WHAT IS ES6? ES (ECMAScript) is a scripting language standard

ADVANCED JS &amp; CSS flexb ox ES6 WHAT IS ES6? ES (ECMAScript) is a scripting language standard

CS498RK SPRING 2020 e s 6 ADVANCED JS &amp; CSS flexb ox ES6 WHAT IS ES6? ES (ECMAScript) is a scripting language standard . JavaScript implements ECMAScript. ES6 means the 6th Edition of ECMAScript. Timelin e 6 years later, ES6! Started in

710 views • 42 slides
Modern JavaScript Shan-Hung Wu &amp; DataLab CS, NTHU ES5, ES6 and ES7 Javascript:

Modern JavaScript Shan-Hung Wu &amp; DataLab CS, NTHU ES5, ES6 and ES7 Javascript:

Modern JavaScript Shan-Hung Wu &amp; DataLab CS, NTHU ES5, ES6 and ES7 Javascript: implementation of ECMAScript (ES) ES5 = ECMAScript 5 (2009) ES6 = ECMAScript 6 = ES2015 ES7 = ECMAScript 7 = ES2016 2 Outline Project-based

730 views • 49 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Advanced JavaScript and ECMAScript ECMAScript and JavaScript

CS/COE 1520 pitt.edu/~ach54/cs1520 Advanced JavaScript and ECMAScript ECMAScript and JavaScript

CS/COE 1520 pitt.edu/~ach54/cs1520 Advanced JavaScript and ECMAScript ECMAScript and JavaScript ECMAScript is based on JavaScript, and JavaScript is based on ECMAScript ... 2 First of all, what is ECMA? Ecma International

779 views • 55 slides
ES6 JavaScript, Metaprogramming, &amp; Object Proxies Prof. Tom Austin San Jos State

ES6 JavaScript, Metaprogramming, &amp; Object Proxies Prof. Tom Austin San Jos State

CS 152: Programming Language Paradigm ES6 JavaScript, Metaprogramming, &amp; Object Proxies Prof. Tom Austin San Jos State University ECMAScript Schism ECMAScript 4 was divisive A group broke off to create ECMAScript 3.1 more

695 views • 37 slides
Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5 Mark S. Miller and

Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5 Mark S. Miller and

Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5 Mark S. Miller and the Cajadores Overview The Mashup Problem The Offensive and Defensive Code Problems JavaScript (EcmaScript) gets simpler ES3, ES5, ES5/strict,

716 views • 52 slides
Metaprogramming &amp; JavaScript Object Proxies Prof. Tom Austin San Jos State University

Metaprogramming &amp; JavaScript Object Proxies Prof. Tom Austin San Jos State University

CS 252: Advanced Programming Language Principles Metaprogramming &amp; JavaScript Object Proxies Prof. Tom Austin San Jos State University ECMAScript Schism ECMAScript 4 was divisive A group broke off to create ECMAScript 3.1

480 views • 32 slides
Securing EcmaScript 5: Adventures in Strategic Compromise Mark S. Miller and the Cajadores Thanks

Securing EcmaScript 5: Adventures in Strategic Compromise Mark S. Miller and the Cajadores Thanks

Securing EcmaScript 5: Adventures in Strategic Compromise Mark S. Miller and the Cajadores Thanks to many on EcmaScript committee Overview My Expression Security Constraints talk The What and Why of object-capabilities (ocaps) This talk

831 views • 71 slides
TypeScript - a look at SPA's and Angular 2 Christian Holm Diget Agenda EcmaScript 6

TypeScript - a look at SPA's and Angular 2 Christian Holm Diget Agenda EcmaScript 6

TypeScript - a look at SPA's and Angular 2 Christian Holm Diget Agenda EcmaScript 6 TypeScript Libraries: ImmutableJS + React SPA architecture Angular 2.0 EcmaScript 6/2015 Let + const function f() { { let x; { //

859 views • 48 slides
ECMAScript &quot;3.1&quot; Pratap Lakshman, ECMA TC39 Representative Microsoft Corp.

ECMAScript &quot;3.1&quot; Pratap Lakshman, ECMA TC39 Representative Microsoft Corp.

ECMAScript &quot;3.1&quot; Pratap Lakshman, ECMA TC39 Representative Microsoft Corp. pratapL@microsoft.com JAOO Aarhus 2008 1 ECMAScript A brief introduction to the language Standardization History, Motivation, and Status

1.12k views • 22 slides
SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript

SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript

SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript PLRG@KAIST Hongki Lee , Sooncheol Won, Joonho Jin, Junhee Cho, and Sukyoung Ryu Contents Introduction Big Picture Formal Specification

631 views • 25 slides
Javascript Thierry Sans Introduction Javascript (aka Ecmascript) Scripting language

Javascript Thierry Sans Introduction Javascript (aka Ecmascript) Scripting language

Javascript Thierry Sans Introduction Javascript (aka Ecmascript) Scripting language (dynamically and weakly typed) Object-oriented (first prototype-based and now class-based) Functional (first-class functions) Reflexive (eval method)

1.19k views • 18 slides
ECMAScript 6: whats next for JavaScript? Dr. Axel Rauschmayer rauschma.de 2014-06-13 QCon

ECMAScript 6: whats next for JavaScript? Dr. Axel Rauschmayer rauschma.de 2014-06-13 QCon

ECMAScript 6: whats next for JavaScript? Dr. Axel Rauschmayer rauschma.de 2014-06-13 QCon New York 2014 JavaScript has become dangerous Used everywhere: browsers, servers, devices, . . . For much more than it was created for Lets

669 views • 65 slides
JavaScript (a dialect of ECMAScript) JavaScript is an object-based scripting language. It works

JavaScript (a dialect of ECMAScript) JavaScript is an object-based scripting language. It works

CS125 Spring 2014 Interim JavaScript (a dialect of ECMAScript) JavaScript is an object-based scripting language. It works with the objects associated with a web page: the window, the document it contains, and the elements in the document (such

338 views • 13 slides
ECMASCRIPT HARMONY PlovdivConf 2015 https://github.com/ivanovyordan

ECMASCRIPT HARMONY PlovdivConf 2015 https://github.com/ivanovyordan

ECMASCRIPT HARMONY PlovdivConf 2015 https://github.com/ivanovyordan http://ivanovyordan.com ? http://kangax.github.io/compat-table/es6

642 views • 19 slides
PREVENTION OF LOW BACK PAIN : Back Education for Workplace and Home PRESENTED AT BODIJA-ASHI

PREVENTION OF LOW BACK PAIN : Back Education for Workplace and Home PRESENTED AT BODIJA-ASHI

PREVENTION OF LOW BACK PAIN : Back Education for Workplace and Home PRESENTED AT BODIJA-ASHI BAPTIST CHURCH, IBADAN MARCH 10, 2013 Ibidunni Alonge Olumide Dada WHY LOW BACK PAIN? 2 Knee Back Neck WHAT IS LOW BACK PAIN? 3 Low back

1.56k views • 61 slides
Back-Up Servicing www.1stservicing.com Back-Up Servicing A back-up servicer is a service

Back-Up Servicing www.1stservicing.com Back-Up Servicing A back-up servicer is a service

Back-Up Servicing www.1stservicing.com Back-Up Servicing A back-up servicer is a service provider who agrees to take over the servicing of a portfolio of assets on the occurrence of certain trigger events, most commonly failure of the

829 views • 5 slides
Secure Distributed Programming on EcmaScript 5 + HTML5 platforms Mark S. Miller and the Cajadores

Secure Distributed Programming on EcmaScript 5 + HTML5 platforms Mark S. Miller and the Cajadores

Secure Distributed Programming on EcmaScript 5 + HTML5 platforms Mark S. Miller and the Cajadores with thanks to Tyler Close How to lose an arms race How to lose an arms race Doomed to never ending tinkering? Doomed to never ending tinkering?

839 views • 83 slides
The Future of JavaScript I mean ECMAScript Douglas Crockford Yahoo! Welcome to the Future!

The Future of JavaScript I mean ECMAScript Douglas Crockford Yahoo! Welcome to the Future!

The Future of JavaScript I mean ECMAScript Douglas Crockford Yahoo! Welcome to the Future! Such as it is. The Worlds Most Popular Programming Language The Worlds Most Popular Programming Language The Worlds Most Unpopular

716 views • 58 slides
to get back on track It took a while but now I have taken back control. Im trying new things,

to get back on track It took a while but now I have taken back control. Im trying new things,

Making it easier to get back on track It took a while but now I have taken back control. Im trying new things, pushing my limits again. Alessia Leading intimate healthcare Coloplast Earnings Conference Call Q1 2019/20 February 6 th , 2020

465 views • 8 slides
THE BACK THE MUSCLES THE MUSCLES OF THE BACK THE MUSCLES OF THE BACK Muscles of the back are

THE BACK THE MUSCLES THE MUSCLES OF THE BACK THE MUSCLES OF THE BACK Muscles of the back are

THE BACK THE MUSCLES THE MUSCLES OF THE BACK THE MUSCLES OF THE BACK Muscles of the back are organized into superficial , intermediate , and deep groups . extrinsic muscles and intrinsic muscles Muscles in the superficial and intermediate groups

482 views • 37 slides
Back-to-School Outreach Strategies Agenda Back-to-School Outreach Why Back-to-School?

Back-to-School Outreach Strategies Agenda Back-to-School Outreach Why Back-to-School?

Back-to-School Outreach Strategies Agenda Back-to-School Outreach Why Back-to-School? What you can do Partner Spotlight, INOVA Hospital Bringing it all together 2 Be Part of the Conversation Do you have tried and

373 views • 24 slides
S chool Rove r BACK ON TRACK IS BACK So if you are lucky This term saw the return of Back on

S chool Rove r BACK ON TRACK IS BACK So if you are lucky This term saw the return of Back on

Issue 8, May 21 2010 As we express our gratitude, we must never forget that the highest appreciation is not to utter words, but to live by them. J.F. Kennedy ACN 063049669 Maher Road, P. O. Box 771, Gordonvale,

744 views • 8 slides
Back To Work Back To Work Back To Work Back To Work Q2 F2008 Results 31 January 2008 y

Back To Work Back To Work Back To Work Back To Work Q2 F2008 Results 31 January 2008 y

Back To Work Back To Work Back To Work Back To Work Q2 F2008 Results 31 January 2008 y Forward Looking &amp; Cautionary Statements Forward Looking &amp; Cautionary Statements This document and any materials distributed in connection with

774 views • 56 slides
D62 Back to School July 20, 2020 Goals: D62 Back to School Continue to monitor state and

D62 Back to School July 20, 2020 Goals: D62 Back to School Continue to monitor state and

D62 Back to School July 20, 2020 Goals: D62 Back to School Continue to monitor state and federal guidelines Prioritize health and safety Ensure a smooth transition back to in-person schooling Prepare for multiple scenarios

730 views • 36 slides

More recommend