language based isolation of untrusted javascript
play

Language Based isolation of Untrusted JavaScript Ankur Taly Dept. - PowerPoint PPT Presentation

Nov 02, 2023 •183 likes •650 views

Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Language Based isolation of Untrusted JavaScript Ankur Taly Dept. of Computer Science, Stanford University Joint work

  1. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Language Based isolation of Untrusted JavaScript Ankur Taly Dept. of Computer Science, Stanford University Joint work with Sergio Maffeis (Imperial College, London) and John C. Mitchell (Stanford University) Ankur Taly Language Based isolation of Untrusted JavaScript

  2. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing 1 Web 2 . 0 and the Isolation Problem 2 Case Study : FBJS Design Attacks and Challenges 3 Formal Semantics of JavaScript 4 Achieving the Isolation goal 5 Ongoing and Future Work Ankur Taly Language Based isolation of Untrusted JavaScript

  3. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Web 2 . 0 and the Isolation Problem Web 2.0 : All about mixing and merging content (data and code) from multiple content providers in a users browser, to provide high-value applications Extensive Client-side scripting - lots of JavaScript. Systems have complex trust boundaries. Security Issues This work Focus on the simple case where content providers are either trusted or untrusted : Third party Advertisements , Widgets, Social Networking site - applications. Assume the publisher has access to untrusted content before it adds it to the page. Focus on JavaScript content present in untrusted code. Ankur Taly Language Based isolation of Untrusted JavaScript

  4. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Web 2 . 0 and the Isolation Problem Web 2.0 : All about mixing and merging content (data and code) from multiple content providers in a users browser, to provide high-value applications Extensive Client-side scripting - lots of JavaScript. Systems have complex trust boundaries. Security Issues This work Focus on the simple case where content providers are either trusted or untrusted : Third party Advertisements , Widgets, Social Networking site - applications. Assume the publisher has access to untrusted content before it adds it to the page. Focus on JavaScript content present in untrusted code. Ankur Taly Language Based isolation of Untrusted JavaScript

  5. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Web 2 . 0 and the Isolation Problem Isolation Problem Design security mechanisms which allow untrusted code to perform valuable interactions and at the same time prevent intrusion and malicious damage. Ankur Taly Language Based isolation of Untrusted JavaScript

  6. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Web 2 . 0 and the Isolation Problem Isolation Problem Design security mechanisms which allow untrusted code to perform valuable interactions and at the same time prevent intrusion and malicious damage. Ankur Taly Language Based isolation of Untrusted JavaScript

  7. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing IFrames Placing all untrusted content in separate IFrames seems to be a safe solution . Social network site applications and Ads : IFrames are sometimes too restrictive Restricts the ad to a delineated section of the page. Social network applications need more permissive interaction with the host page. Some publishers prefer to not use IFrames Gives better control over untrusted code. Easier to restrict same-origin untrusted code. This Work Design isolation mechanisms for untrusted code not placed in separate IFrames. Ankur Taly Language Based isolation of Untrusted JavaScript

  8. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Program Analysis Problem Program Analysis Problem Given an untrusted JavaScript program P and a Heap H (corresponding to the trusted page), design a procedure to either statically or dynamically via run time checks, guarantee that P does not access any security critical portions of the Heap. Design static analysis and/or code instrumentation techniques Very hard problem to solve for whole of JavaScript as all code that gets executed may not appear textually ! var m = ”toS” ; var n = ”tring” ; Object . prototype [ m + n ] = function () { return undefined } ; Approach Solve the above problem for subsets of JavaScript that are more amenable to static analysis. Ankur Taly Language Based isolation of Untrusted JavaScript

  9. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Program Analysis Problem Program Analysis Problem Given an untrusted JavaScript program P and a Heap H (corresponding to the trusted page), design a procedure to either statically or dynamically via run time checks, guarantee that P does not access any security critical portions of the Heap. Design static analysis and/or code instrumentation techniques Very hard problem to solve for whole of JavaScript as all code that gets executed may not appear textually ! var m = ”toS” ; var n = ”tring” ; Object . prototype [ m + n ] = function () { return undefined } ; Approach Solve the above problem for subsets of JavaScript that are more amenable to static analysis. Ankur Taly Language Based isolation of Untrusted JavaScript

  10. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Case Study : FBJS FBJS is a subset of JavaScriptfor writing Facebook applications which are placed as a subtree of the page. Restrictions Applied Filtering : Application code must be written in FBJS Forbid eval , Function constructs. Disallow explicit access to properties (via the dot notation - o . p ) parent , constructor , . . . . Rewriting this is re-written to ref ( this ) ref(x) is a function defined by the host (Facebook) in the global object such that ref(x) = x if x � = window else ref(x) = null Prevents application code form accessing the global object. Ankur Taly Language Based isolation of Untrusted JavaScript

  11. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Case Study : FBJS FBJS is a subset of JavaScriptfor writing Facebook applications which are placed as a subtree of the page. Restrictions Applied Filtering : Application code must be written in FBJS Forbid eval , Function constructs. Disallow explicit access to properties (via the dot notation - o . p ) parent , constructor , . . . . Rewriting this is re-written to ref ( this ) ref(x) is a function defined by the host (Facebook) in the global object such that ref(x) = x if x � = window else ref(x) = null Prevents application code form accessing the global object. Ankur Taly Language Based isolation of Untrusted JavaScript

  12. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Case Study : FBJS Rewriting (contd): o [ p ] is rewritten to o [ idx ( p )] : Controls access to dynamically generated property names. idx(p) is a function defined by the host (Facebook) in the global object such that idx(p) = bad if p ∈ Blacklist else idx(p) = p. Blacklist contains sensitive property names like parent , constructor, . . . Add application specific prefix to all top-level identifiers. Example : o.p is renamed to a1234 o.p Separates effective namespace of an application from others. Facebook provides libraries, accessible within the application namespace, to allow safe access to certain parts of the global object. Ankur Taly Language Based isolation of Untrusted JavaScript

  13. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing Case Study : FBJS Rewriting (contd): o [ p ] is rewritten to o [ idx ( p )] : Controls access to dynamically generated property names. idx(p) is a function defined by the host (Facebook) in the global object such that idx(p) = bad if p ∈ Blacklist else idx(p) = p. Blacklist contains sensitive property names like parent , constructor, . . . Add application specific prefix to all top-level identifiers. Example : o.p is renamed to a1234 o.p Separates effective namespace of an application from others. Facebook provides libraries, accessible within the application namespace, to allow safe access to certain parts of the global object. Ankur Taly Language Based isolation of Untrusted JavaScript

  14. Web 2 . 0 and the Isolation Problem Case Study : FBJS Formal Semantics of JavaScript Achieving the Isolation goal Ongoing An attack on FBJS (Nov’08) Goal of the Attack Get a handle to the global object in the application code. Main Idea : Get a handle to the current scope object and shadow the ref method. 1 Getting the current scope: GET SCOPE. try { throw ( function () { return this ; } ); } catch ( f ) { curr scp = f (); } Other tricks : Use named recursive functions (see our CSF’09 paper) 2 Shadow ref : curr scp . ref = function ( x ) { return x ; } . this will now evaluate to the global object ! 3 Ankur Taly Language Based isolation of Untrusted JavaScript

Recommend

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted environment Possibly with multiple tenants Setting OS: users / processes Browser: webpages / browser extensions Cloud: virtual machines (VMs)

272 views • 25 slides
Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Isolation problem for Web Mashups Formal definition of Capability Safe languages Solving the Isolation problem using Capabilit Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer Science, Stanford

1.01k views • 43 slides
Javascript Thierry Sans Introduction Javascript (aka Ecmascript) Scripting language

Javascript Thierry Sans Introduction Javascript (aka Ecmascript) Scripting language

Javascript Thierry Sans Introduction Javascript (aka Ecmascript) Scripting language (dynamically and weakly typed) Object-oriented (first prototype-based and now class-based) Functional (first-class functions) Reflexive (eval method)

1.19k views • 18 slides
JavaScript (a dialect of ECMAScript) JavaScript is an object-based scripting language. It works

JavaScript (a dialect of ECMAScript) JavaScript is an object-based scripting language. It works

CS125 Spring 2014 Interim JavaScript (a dialect of ECMAScript) JavaScript is an object-based scripting language. It works with the objects associated with a web page: the window, the document it contains, and the elements in the document (such

338 views • 13 slides
JavaScript is an object-based language 4 It is NOT

JavaScript is an object-based language 4 It is NOT

Lecture 2: JavaScript Objects JavaScript is an object-based language 4 It is NOT object-oriented 4 It has and uses objects, but does not support

569 views • 17 slides
J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript

J AVA S CRIPT JavaScript is the programming language of HTML and the Web. JavaScript Java JavaScript is interpreted by the browser JavaScript 1/15 JS W HERE T O <!DOCTYPE html> <html> <head> <script

591 views • 15 slides
JAVASCRIPT an d th e We b ! JAVASCRIPT popular scripting language on the Web, supported by

JAVASCRIPT an d th e We b ! JAVASCRIPT popular scripting language on the Web, supported by

CS498RK SPRING 2020 JAVASCRIPT an d th e We b ! JAVASCRIPT popular scripting language on the Web, supported by browsers separate scripting from structure (HTML) and presentation (CSS) client- and server-side programming object-oriented,

628 views • 31 slides
JAVASCRIPT an d th e We b ! JAVASCRIPT popular scripting language on the Web, supported by

JAVASCRIPT an d th e We b ! JAVASCRIPT popular scripting language on the Web, supported by

CS 498RK SPRING 2019 JAVASCRIPT an d th e We b ! JAVASCRIPT popular scripting language on the Web, supported by browsers separate scripting from structure (HTML) and presentation (CSS) client- and server-side programming object-oriented,

501 views • 32 slides
JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant

JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant

JavaScript! What is JavaScript? A (traditionally) client-side scripting language Meant (traditionally) to run entirely on the users browser Defined by the ECMAscript standard, published by the ECMA foundation JavaScript != Java,

657 views • 32 slides
JAVASCRIPT Fashionabl e an d Functiona l ! JAVASCRIPT popular scripting language on the Web,

JAVASCRIPT Fashionabl e an d Functiona l ! JAVASCRIPT popular scripting language on the Web,

CS498RK SPRING 2020 JAVASCRIPT Fashionabl e an d Functiona l ! JAVASCRIPT popular scripting language on the Web, supported by browsers separate scripting from structure (HTML) and presentation (CSS) client- and server-side programming

857 views • 49 slides
JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce

JavaScript Primer Basic Introduction of JavaScript JavaScript History Why (re)introduce JavaScript? Notorious for being worlds most misunderstood programming language o (Douglas Crockford -

432 views • 11 slides
CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic

CE419 Session 5: JavaScript Web Programming 1 What is JavaScript? JavaScript is a dynamic programming language. Introduced in 1995 as a way to add programs to web pages in the Netscape Navigator browser. It has made modern web

795 views • 35 slides
JavaScript as a second language let languageWeUse = 'JavaScript' if (intimidating == true) {

JavaScript as a second language let languageWeUse = 'JavaScript' if (intimidating == true) {

JavaScript as a second language let languageWeUse = 'JavaScript' if (intimidating == true) { dontPanic('about it') } Types of languages natural languages (English, Mandarin) formal languages symbolic (math, logic) computer

359 views • 15 slides
Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 1 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.1k views • 57 slides
Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and

Introduction to JavaScript Niels Olof Bouvin 2 Overview A brief history of JavaScript and ECMAScript JavaScript for Java developers The JavaScript ecosystem Getting access to JavaScript Some language basics A look at the Node.js standard

1.03k views • 54 slides
JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide CS 252: Advanced Programming Language Principles Introduction to JavaScript Prof. Tom Austin San Jos State University History of JavaScript In 1995, Netscape hired Brendan

395 views • 16 slides
JavaScript Dr. Steven Bitner What is it? JavaScript is a scripting language No compiling

JavaScript Dr. Steven Bitner What is it? JavaScript is a scripting language No compiling

JavaScript Dr. Steven Bitner What is it? JavaScript is a scripting language No compiling or linking Where is it? It is included in a page load In the head of an html page between <script></script> tags In a

1.01k views • 36 slides
Event-based programming Prof. Tom Austin San Jos State University Inline JavaScript

Event-based programming Prof. Tom Austin San Jos State University Inline JavaScript

CS 152: Programming Language Paradigms Event-based programming Prof. Tom Austin San Jos State University Inline JavaScript <html> JavaScript <input type='button' onclick=' alert("Hello!"); ' value='Say hi' />

329 views • 12 slides
JavaScript: The Good Parts vs. JavaScript: The Definitive Guide For next class, read

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide For next class, read

JavaScript: The Good Parts vs. JavaScript: The Definitive Guide For next class, read http://eloquentjavascript.net/ chapters 1-4. CS 152: Programming Language Paradigms JavaScript Prof. Tom Austin San Jos State University History of

550 views • 17 slides
ES6 JavaScript, Metaprogramming, & Object Proxies Prof. Tom Austin San Jos State

ES6 JavaScript, Metaprogramming, & Object Proxies Prof. Tom Austin San Jos State

CS 252: Advanced Programming Language Principles ES6 JavaScript, Metaprogramming, & Object Proxies Prof. Tom Austin San Jos State University Fixing JavaScript ECMAScript committee formed to carefully evolve the language.

558 views • 43 slides
Introduction Language of Web 2.0 Dynamic language used for large, structured web

Introduction Language of Web 2.0 Dynamic language used for large, structured web

Introduction Understanding the Dynamics of JavaScript JavaScript Sylvain Lebresne, Gregor Richards, Johan Ostlund, Tobias Measurements Wrigstad, Jan Vitek Purdue University Results July 6, 2009 Conclusions 1 / 28 2 / 28 Introduction

694 views • 7 slides
Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras

Confinement (Running Untrusted Programs) Chester Rebeiro Indian Institute of Technology Madras Untrusted Programs Untrusted Application Entire Application untrusted Part of application untrusted Modules or library untrusted

797 views • 46 slides
Programming Basics When it comes to being precise about an algorithm, a programming language is

Programming Basics When it comes to being precise about an algorithm, a programming language is

Programming Basics When it comes to being precise about an algorithm, a programming language is better than English The Plan We will learn JavaScript over the next few lectures JavaScript is used with HTML in Web pages JavaScript is a

341 views • 18 slides
Higgs A monitoring JIT for JavaScript Maxime Chevalier-Boisvert Dynamic Language Team

Higgs A monitoring JIT for JavaScript Maxime Chevalier-Boisvert Dynamic Language Team

Higgs A monitoring JIT for JavaScript Maxime Chevalier-Boisvert Dynamic Language Team Universit de Montral Higgs Tracing JIT for JavaScript Written in D + JS Second iteration of Tachyon compiler Simpler, more straightforward

697 views • 35 slides

More recommend