research report mitigating langsec problems with
play

Research Report: Mitigating LangSec Problems With Capabilities Or: - PowerPoint PPT Presentation

Oct 16, 2022 •272 likes •584 views

Tradition Sandstorm 95% of CVEs? Research Report: Mitigating LangSec Problems With Capabilities Or: How Sandstorm Taught Me to Stop Worrying and Love the Web Nathaniel Wesley Filardo May 26, 2016 1 / 14 Tradition Sandstorm 95% of CVEs?

  1. Tradition Sandstorm 95% of CVEs? Research Report: Mitigating LangSec Problems With Capabilities Or: How Sandstorm Taught Me to Stop Worrying and Love the Web Nathaniel Wesley Filardo May 26, 2016 1 / 14

  2. Tradition Sandstorm 95% of CVEs? One-Slide Elevator Pitch Actually two, related, pitches: ❼ Sandstorm’s capability-based design enables very fine-grained sandboxing of application software, which largely (sometimes completely!) mitigates the majority of LangSec bugs seen in practice. ❼ Capability systems offer the potential to turn difficult authorization decisions into LangSec’s bread and butter: syntactic constraints on requests; every well-formed request which can be stated is authorized. 2 / 14

  3. ❼ ❼ ❼ ❼ ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Traditional Web Application Hosting The Sad Story Consider a standard LAMP-esque stack. ❼ Many co-hosted applications at different paths. ❼ Maybe have separate kernel UIDs when executing? 3 / 14

  4. ❼ ❼ ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Traditional Web Application Hosting The Sad Story Consider a standard LAMP-esque stack. ❼ Many co-hosted applications at different paths. ❼ Maybe have separate kernel UIDs when executing? ❼ System design encourages ambient authority : ❼ esp. to filesystem, network resources. 3 / 14

  5. ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Traditional Web Application Hosting The Sad Story Consider a standard LAMP-esque stack. ❼ Many co-hosted applications at different paths. ❼ Maybe have separate kernel UIDs when executing? ❼ System design encourages ambient authority : ❼ esp. to filesystem, network resources. ❼ Database processes per-server ❼ Own notion of users (typ. “app”) and permissions. 3 / 14

  6. ❼ Tradition Sandstorm 95% of CVEs? Traditional Web Application Hosting The Sad Story Consider a standard LAMP-esque stack. ❼ Many co-hosted applications at different paths. ❼ Maybe have separate kernel UIDs when executing? ❼ System design encourages ambient authority : ❼ esp. to filesystem, network resources. ❼ Database processes per-server ❼ Own notion of users (typ. “app”) and permissions. ❼ Client authn, authz up to each hosted application. ❼ Even SSO systems typically require application buy-in. ❼ Groups, ACLs, etc. per application. 3 / 14

  7. Tradition Sandstorm 95% of CVEs? Traditional Web Application Hosting The Sad Story Consider a standard LAMP-esque stack. ❼ Many co-hosted applications at different paths. ❼ Maybe have separate kernel UIDs when executing? ❼ System design encourages ambient authority : ❼ esp. to filesystem, network resources. ❼ Database processes per-server ❼ Own notion of users (typ. “app”) and permissions. ❼ Client authn, authz up to each hosted application. ❼ Even SSO systems typically require application buy-in. ❼ Groups, ACLs, etc. per application. ❼ Web’s failings left to apps: XSRF, XSS, SRI, . . . 3 / 14

  8. ❼ ❼ ❼ ❼ ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Traditional Web Application Hosting The Impact of LangSec Bugs In this environment, what do LangSec bugs buy an attacker? ❼ Outright authn/authz confusion: ❼ Authn/authz cookie leak & replay ❼ XSRF & XSS 4 / 14

  9. ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Traditional Web Application Hosting The Impact of LangSec Bugs In this environment, what do LangSec bugs buy an attacker? ❼ Outright authn/authz confusion: ❼ Authn/authz cookie leak & replay ❼ XSRF & XSS ❼ Path traversals: ❼ Access to intra-application resources (almost surely) ❼ Access to other applications’ resources (maybe) ❼ Access to system configuration (likely) 4 / 14

  10. Tradition Sandstorm 95% of CVEs? Traditional Web Application Hosting The Impact of LangSec Bugs In this environment, what do LangSec bugs buy an attacker? ❼ Outright authn/authz confusion: ❼ Authn/authz cookie leak & replay ❼ XSRF & XSS ❼ Path traversals: ❼ Access to intra-application resources (almost surely) ❼ Access to other applications’ resources (maybe) ❼ Access to system configuration (likely) ❼ Code injection: ❼ Probe file system, loopback network ❼ Make remote network connections ❼ Probe local kernel for vulnerabilities Too easy for bug in one application to impact entire server . 4 / 14

  11. ❼ ❼ ❼ ❼ ❼ ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting What a mess! Alternative design? Sweeping changes to design of system: ❼ Replace web server with application supervisor. ❼ Not “Web Application Firewall” ❼ No dynamic inspection of application display content! 5 / 14

  12. ❼ ❼ ❼ ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting What a mess! Alternative design? Sweeping changes to design of system: ❼ Replace web server with application supervisor. ❼ Not “Web Application Firewall” ❼ No dynamic inspection of application display content! ❼ Centralize authn to supervisor. ❼ Send user display information to application. 5 / 14

  13. ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting What a mess! Alternative design? Sweeping changes to design of system: ❼ Replace web server with application supervisor. ❼ Not “Web Application Firewall” ❼ No dynamic inspection of application display content! ❼ Centralize authn to supervisor. ❼ Send user display information to application. ❼ Centralize authz to supervisor (mostly). ❼ Applications enumerate possible “rights”. ❼ Supervisor computes agent’s rights; tells application. 5 / 14

  14. Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting What a mess! Alternative design? Sweeping changes to design of system: ❼ Replace web server with application supervisor. ❼ Not “Web Application Firewall” ❼ No dynamic inspection of application display content! ❼ Centralize authn to supervisor. ❼ Send user display information to application. ❼ Centralize authz to supervisor (mostly). ❼ Applications enumerate possible “rights”. ❼ Supervisor computes agent’s rights; tells application. ❼ Sandbox server-side resources very tightly . ❼ Each document in its own container is possible! ❼ Granularity up to application author and user. ❼ Possible due to centralized management of sharing. 5 / 14

  15. ❼ ❼ ❼ ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting What a mess! Alternative design? Old world: ❼ As admin, install application to web server (or find host) ❼ Users register with each application (or be anonymous) ❼ Application juggles many documents / objects / . . . ❼ User rights managed within each application 6 / 14

  16. Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting What a mess! Alternative design? Old world: ❼ As admin, install application to web server (or find host) ❼ Users register with each application (or be anonymous) ❼ Application juggles many documents / objects / . . . ❼ User rights managed within each application New world: ❼ As admin, install sandstorm server (or . . . ) ❼ Users register once with sandstorm installation (or . . . ) ❼ Users install arbitrary applications as desired! ❼ Users instantiate applications as “grains.” ❼ Each user may have zero or more grains of any app. ❼ Grains begin private to creator . ❼ Users share (and revoke) appropriate access to grains. 6 / 14

  17. Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting User’s Perspective 7 / 14

  18. Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting User’s Perspective 7 / 14

  19. Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting User’s Perspective https://main.sandstorm.acm.jhu.edu/shared/ pruMzgByO3ReRVV9tT5uQQyhwXJulmoMCSNSFutPjXJ 7 / 14

  20. ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting Supervisor’s Perspective Supervisor tracks capabilities conveying rights to grains: ❼ Each application specifies a collection of rights. ❼ ShareLaTeX: “read”, “write” ❼ DokuWiki: “user”, “manager”, “admin” ❼ When grain is created, owner gets all rights. ❼ Nobody else gets any rights 8 / 14

  21. Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting Supervisor’s Perspective Supervisor tracks capabilities conveying rights to grains: ❼ Each application specifies a collection of rights. ❼ ShareLaTeX: “read”, “write” ❼ DokuWiki: “user”, “manager”, “admin” ❼ When grain is created, owner gets all rights. ❼ Nobody else gets any rights ❼ Users delegate access to grains: ❼ Creates a new capability object held by designated user(s) or within a sharing link. ❼ Delegated access is a subset of delegator’s access. ❼ Sandstorm tracks provenance of rights & adjusts. 8 / 14

  22. ❼ ❼ ❼ ❼ Tradition Sandstorm 95% of CVEs? Sandstorm Application Hosting Supervisor’s Perspective Supervisor juggles sessions : user’s live connection to a grain. ❼ Grains started and stopped by supervisor as needed. 9 / 14

Recommend

Invertible Generative Models for Inverse Problems Mitigating Representation Error and Dataset Bias

Invertible Generative Models for Inverse Problems Mitigating Representation Error and Dataset Bias

Invertible Generative Models for Inverse Problems Mitigating Representation Error and Dataset Bias M. Asim, M. Daniels, O. Leong, P . Hand, A. Ahmed Inverse Problems with Generative Models as Image Priors Inverse Problems with Generative Models

369 views • 22 slides
Mitigating PQ Problems in Legacy Data Centers Boris V. Ilinets, P.E. Work supported in part by

Mitigating PQ Problems in Legacy Data Centers Boris V. Ilinets, P.E. Work supported in part by

SLAC-WP-083 Mitigating PQ Problems in Legacy Data Centers Boris V. Ilinets, P.E. Work supported in part by US Department of Energy contract DE-AC02-76SF00515. Introduction IEEE Std. 519-1992 [1] Sec. 6 stated that power electronics,

425 views • 30 slides
The Role of Urban Development Patterns in Mitigating the Effects of Tsunami Run-up: Final Report

The Role of Urban Development Patterns in Mitigating the Effects of Tsunami Run-up: Final Report

J-RAPID Final Symposium Sendai, Japan The Role of Urban Development Patterns in Mitigating the Effects of Tsunami Run-up: Final Report March 6, 2013 Fumio Yamazaki , Chiba University, Japan and Ronald T. Eguchi , ImageCat, Inc., USA 1

666 views • 38 slides
Structuring a Compensation Framework for Clinical Research Mitigating Fraud and Abuse Risks for

Structuring a Compensation Framework for Clinical Research Mitigating Fraud and Abuse Risks for

Presenting a live 90-minute webinar with interactive Q&A Structuring a Compensation Framework for Clinical Research Mitigating Fraud and Abuse Risks for Healthcare Providers, Navigating FMV in Clinical Research Budgeting, Lessons From Recent

911 views • 44 slides
Meredith L. Patterson Upstanding Hackers, Inc. LangSec@SPW May 21, 2015

Meredith L. Patterson Upstanding Hackers, Inc. LangSec@SPW May 21, 2015

Meredith L. Patterson Upstanding Hackers, Inc. LangSec@SPW May 21, 2015 https://github.com/UpstandingHackers/hammer All backends complete Packrat, GLR, LALR, LL(k), regex New combinators! h_endianness h_aligned

301 views • 5 slides
Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5 Mark S. Miller and

Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5 Mark S. Miller and

Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5 Mark S. Miller and the Cajadores Overview The Mashup Problem The Offensive and Defensive Code Problems JavaScript (EcmaScript) gets simpler ES3, ES5, ES5/strict,

716 views • 52 slides
NV: A Framework for Modeling and Verifying Network Configurations LangSec 2020 David Walker

NV: A Framework for Modeling and Verifying Network Configurations LangSec 2020 David Walker

NV: A Framework for Modeling and Verifying Network Configurations LangSec 2020 David Walker Princeton University Collaborators Nick Giannarakis Devon Loehr Tim Thijm Ratul Mahajan Ryan Beckett Aarti Gupta (UW) (Microsoft) Language-Based

1.27k views • 57 slides
& session languages Erik Poll Joeri de Ruiter Aleksy Schubert LangSec

& session languages Erik Poll Joeri de Ruiter Aleksy Schubert LangSec

Protocol state machines & session languages Erik Poll Joeri de Ruiter Aleksy Schubert LangSec workshop @ IEEE Security & Privacy, 2015 Input languages: messages & sessions Handling inputs involves language of

405 views • 26 slides
Mitigating Seabird Mitigating Seabird Interactions with Interactions with Trawl Nets Trawl

Mitigating Seabird Mitigating Seabird Interactions with Interactions with Trawl Nets Trawl

Mitigating Seabird Mitigating Seabird Interactions with Interactions with Trawl Nets Trawl Nets Clement & Associates Ltd FISHERIES ADVISORS & ANALYSTS Objectives Objectives Characterise the nature and extent of

730 views • 35 slides
Caradoc: a Pragmatic Approach to PDF Parsing and Validation IEEE Security & Privacy LangSec

Caradoc: a Pragmatic Approach to PDF Parsing and Validation IEEE Security & Privacy LangSec

Caradoc: a Pragmatic Approach to PDF Parsing and Validation IEEE Security & Privacy LangSec Workshop 2016 Guillaume Endignoux Olivier Levillain Jean-Yves Migeon cole Polytechnique, France EPFL, Switzerland ANSSI, France Thursday 26 th

842 views • 35 slides
Building a Wide Reach Corpus for Secure Parser Development LangSec 2020 May 21, 2020 The Team

Building a Wide Reach Corpus for Secure Parser Development LangSec 2020 May 21, 2020 The Team

Click to add text Building a Wide Reach Corpus for Secure Parser Development LangSec 2020 May 21, 2020 The Team Chris Mattmann Tim Allison Tom Barber Wayne Burke Valentino Constantinou Edwin Goh Deputy CTO Files and Search Doer/Maker

467 views • 42 slides
Unambiguous Encapsulation Separating Data and Signaling LangSec workshop 2015 Michael Ossmann

Unambiguous Encapsulation Separating Data and Signaling LangSec workshop 2015 Michael Ossmann

Unambiguous Encapsulation Separating Data and Signaling LangSec workshop 2015 Michael Ossmann Primary on Unambiguous Encapsulation Creator of multiple OSHW projects, Ubertooth, HackRF, Daisho, YARD Stick One Founder of Great Scott Gadgets

570 views • 38 slides
NASEM Study Statement of Task Examine the potential use of biotechnology for mitigating

NASEM Study Statement of Task Examine the potential use of biotechnology for mitigating

NASEM Study Statement of Task Examine the potential use of biotechnology for mitigating threats to forest tree health Identify the ecological, economic, social implications of deploying biotechnology in forests Develop a research

338 views • 21 slides
UNCHAINED Mitigating your Hidden Risks Louise Beaumont Colin Levins Waldo de Vleeschauwer True

UNCHAINED Mitigating your Hidden Risks Louise Beaumont Colin Levins Waldo de Vleeschauwer True

SUPPLIER FINANCE UNCHAINED Mitigating your Hidden Risks Louise Beaumont Colin Levins Waldo de Vleeschauwer True stories Report published by Zurich Survey comprised of Senior Management 500 UK companies Five sectors Zurich

430 views • 21 slides
Novel Approaches for Mitigating Plasma Disruptions and Runaway Electrons in Tokamak ADITYA by R.

Novel Approaches for Mitigating Plasma Disruptions and Runaway Electrons in Tokamak ADITYA by R.

Novel Approaches for Mitigating Plasma Disruptions and Runaway Electrons in Tokamak ADITYA by R. L. Tanna Institute for Plasma Research, India (Contribution from ADITYA Team) 23-01-2015 25th IAEA/Fusion Engineering Conference (FEC)-2014,

554 views • 20 slides
Mitigating Stress: What Neuroscience Teaches Us About Virtual Work and Collaboration Ryan J.

Mitigating Stress: What Neuroscience Teaches Us About Virtual Work and Collaboration Ryan J.

Mitigating Stress: What Neuroscience Teaches Us About Virtual Work and Collaboration Ryan J. Mullenix , AIA Megha Parekh Sinha , AICP, LEED AP BD+C Partner, NBBJ Principal, NBBJ Mitigating Stress Dr. John Medina Professor of Bioengineering,

1.01k views • 33 slides
Research also indicate that elimination of mental health problems such as anxiety and depression

Research also indicate that elimination of mental health problems such as anxiety and depression

Happiness depends on mental health according to the Origins of happiness report Research also indicate that elimination of mental health problems such as anxiety and depression increased happiness by 20% COVID-19 may represent an unprecedented

317 views • 6 slides
Mitigating high energy anomalous signals in the CMS barrel Electromagnetic Calorimeter Summary

Mitigating high energy anomalous signals in the CMS barrel Electromagnetic Calorimeter Summary

Mitigating high energy anomalous signals in the CMS barrel Electromagnetic Calorimeter Summary report Ali Farzanehfar University of Southampton University of Southampton Spike mitigation May 28, 2015 1 / 33 May 28, 2015 Introduction

717 views • 43 slides
Heap Models For Exploit Systems IEEE Security and Privacy LangSec Workshop 2015 Julien Vanegue

Heap Models For Exploit Systems IEEE Security and Privacy LangSec Workshop 2015 Julien Vanegue

Heap Models For Exploit Systems IEEE Security and Privacy LangSec Workshop 2015 Julien Vanegue Bloomberg L.P. New York, USA. May 24, 2015 Big picture : The Automated Exploitation Grand Challenge A Security Exploit is a program taking

451 views • 23 slides
Perspectives and Successes in Mitigating Methane Emissions from Energy Pipelines Robert Smith

Perspectives and Successes in Mitigating Methane Emissions from Energy Pipelines Robert Smith

Perspectives and Successes in Mitigating Methane Emissions from Energy Pipelines Robert Smith Research Manager & Climate Change/Methane Actions SME Methane Emissions from California's Natural Gas System: Challenges and Solutions

1.07k views • 27 slides
The geometry of syntax and semantics for directed file transformations Steve Huntsman 1 Michael

The geometry of syntax and semantics for directed file transformations Steve Huntsman 1 Michael

IEEE S&P 2020 LangSec workshop The geometry of syntax and semantics for directed file transformations Steve Huntsman 1 Michael Robinson 2 1 FAST Labs / Cyber Technology 2 American University 21 May 2020 IEEE S&P 2020 LangSec workshop

723 views • 50 slides
Draft Mitigating COVID-19 Impacts in the Workplace Policy Personnel Committee Meeting June

Draft Mitigating COVID-19 Impacts in the Workplace Policy Personnel Committee Meeting June

Draft Mitigating COVID-19 Impacts in the Workplace Policy Personnel Committee Meeting June 3, 2020 TRANSFORMING WASTEWATER TO RESOURCES Background Mitigating COVID-19 Impacts Ensuring the health and safety of District employees is

397 views • 10 slides
Learning Approaches to Post-Hoc LangSec Sheridan Curley and & Dr. Richard Harang (ARL) The

Learning Approaches to Post-Hoc LangSec Sheridan Curley and & Dr. Richard Harang (ARL) The

UNCLASSIFIED UNCLASSIFIED Grammatical Inference and Machine Learning Approaches to Post-Hoc LangSec Sheridan Curley and & Dr. Richard Harang (ARL) The Nations Premier Laboratory for Land Forces The Nations Premier Laboratory for Land

424 views • 18 slides
Mitigating Geomagnetic Induced Currents Using Surge Arresters ALBERTO RAMIREZ MITIGATING

Mitigating Geomagnetic Induced Currents Using Surge Arresters ALBERTO RAMIREZ MITIGATING

Mitigating Geomagnetic Induced Currents Using Surge Arresters ALBERTO RAMIREZ MITIGATING GEOMAGNETIC INDUCED CURRENTS USING SURGE ARRESTERS Alberto Ramirez Orquin Vanessa Ramirez University of Puerto Rico

656 views • 29 slides

More recommend