
Security Types for Web Applications - PowerPoint PPT Presentation

Security Types for Web Applications
Antoine Delignat-Lavaud
Under the supervision of


  1. Our contribution
     ◮ We focus our attention on the client-side interactions.
     ◮ We conducted a review on the security of host-proof web applications and found a variety of attack vectors.
     ◮ We investigated the problem of loading trusted JavaScript code into an untrusted environment.
     ◮ We propose a subset of JavaScript we believe is safe to use in such environments.
     ◮ We implemented a type system able to check if a given script belongs to that subset.
     Sidebar outline: Introduction; Goals; Browser security; Our contribution; Review of Host-Proof Web Applications; Host-Proof Application Design; Ciphertext Integrity; URL Authentication; Code/data separation; Key management; Defensive JavaScript; Attacks to defend against; Type system; Applications; Conclusion and Future Work.


  3. Host-Proof Application Design
     [Diagram; labels: User, Application Client, Content Server, Hacker, X, Sensitive data]


  5. Encrypted cloud storage
     [Diagram; labels: Friends?, User, sharing, CSRF, App Website, Server, authentication, encrypted data, Hacker, decryption script, XSS, key, decryption, Decrypted Data, Hacker]


  7. Encrypted cloud storage
     [Diagram; labels: Friends?, User, sharing, CSRF, App Website, Server, authentication, encrypted data, Hacker, malicious script, XSS, key, decryption, Decrypted Data, Hacker]


  9. Password Manager Browser Extension
     [Diagram; labels: App Code, Server, session, User, password, URL, Host Page]


  13. Password Manager Bookmarklet
      [Diagram; labels: secret, App Code, Server, session, session intention, User, URL, password, App Website, Host Page]


  20. Attacks
      What can go wrong?
      ◮ Incorrect use of crypto.
      ◮ Usual web attacks (XSS/CSRF).
      ◮ No data/code separation.
      ◮ Bad key management.


  24. No ciphertext integrity protection
      RoboForm Passcard:
          URL3:Encode(URL)
          +PROTECTED-2+
          <ENC_k(username,password)>
      1Password Keychain:
          {"uuid":...,"title":...,
           "location":URL,
           "encrypted":<ENC_k(username,password)>}

  25. No ciphertext integrity protection
      [Diagram; labels: Friend, share, User, google.com ENC(u, p), Application Client, Content Server, google.com ENC(u, p), p, p, google.com, Hacker]

  26. No ciphertext integrity protection
      [Diagram; labels: Friend, share, User, google.com ENC(u, p), Application Client, Content Server, bad.com ENC(u, p), p, p, bad.com, Hacker]
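An added example, not from the slides or from RoboForm or 1Password: one way to bind the stored location to the ciphertext, using AES-256-GCM with the location as associated data, next to an unbound AES-CBC record where a swapped location goes unnoticed. The record layout, the function names and the choice of ciphers are assumptions; the page does not say which ciphers the products use.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed sample key; a real vault key would come from the user's key derivation.
const SAMPLE_KEY = nodeCrypto.randomBytes(32);

// "Before" (stand-in for the layouts on the slide): location in clear,
// credentials under unauthenticated AES-CBC. Nothing ties the two together.
function sealUnbound(key, location, username, password) {
  const iv = nodeCrypto.randomBytes(16);
  const c = nodeCrypto.createCipheriv("aes-256-cbc", key, iv);
  const body = Buffer.concat([
    c.update(JSON.stringify({ username, password }), "utf8"),
    c.final(),
  ]);
  return { location, iv: iv.toString("base64"), encrypted: body.toString("base64") };
}

function openUnbound(key, entry) {
  const d = nodeCrypto.createDecipheriv("aes-256-cbc", key, Buffer.from(entry.iv, "base64"));
  const plain = Buffer.concat([d.update(Buffer.from(entry.encrypted, "base64")), d.final()]);
  return JSON.parse(plain.toString("utf8"));
}

// "After": AES-256-GCM, with the location fed in as associated data so the
// authentication tag covers both the location and the encrypted credentials.
function sealBound(key, location, username, password) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv, { authTagLength: 16 });
  c.setAAD(Buffer.from(location, "utf8"));
  const body = Buffer.concat([
    c.update(JSON.stringify({ username, password }), "utf8"),
    c.final(),
  ]);
  return {
    location,
    iv: iv.toString("base64"),
    encrypted: body.toString("base64"),
    tag: c.getAuthTag().toString("base64"),
  };
}

// Returns the credentials, or null when any field of the record was altered.
function openBound(key, entry) {
  const d = nodeCrypto.createDecipheriv(
    "aes-256-gcm", key, Buffer.from(entry.iv, "base64"), { authTagLength: 16 });
  d.setAAD(Buffer.from(entry.location, "utf8"));
  d.setAuthTag(Buffer.from(entry.tag, "base64"));
  try {
    const plain = Buffer.concat([
      d.update(Buffer.from(entry.encrypted, "base64")),
      d.final(), // throws when location, iv, ciphertext or tag do not verify
    ]);
    return JSON.parse(plain.toString("utf8"));
  } catch (err) {
    return null;
  }
}

// What the storage server on the slide is able to do: rewrite the cleartext
// location of a record while leaving the ciphertext untouched.
function relocate(entry, newLocation) {
  return Object.assign({}, entry, { location: newLocation });
}

// Constructed records mirroring the slide: google.com swapped for bad.com.
const weak = relocate(sealUnbound(SAMPLE_KEY, "google.com", "u", "p"), "bad.com");
const strong = relocate(sealBound(SAMPLE_KEY, "google.com", "u", "p"), "bad.com");
console.log("unbound record opens for", weak.location, "->", openUnbound(SAMPLE_KEY, weak));
console.log("bound record opens for", strong.location, "->", openBound(SAMPLE_KEY, strong));
```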


  28. Classic problem: URL authentication
      ◮ Browser extension-based password managers;
      ◮ Match URL with password database in JS.
      ◮ Error-prone RegExp matching.
      parseUri pattern:
          /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/
      Incorrect:
          http://bad.com/#@accounts.google.com


  33. Phishing attack on 1Password extension
      URL parsing code:
          // Current page URL, with a trailing slash appended
          var href = getBrowser().contentWindow
            .location.href + "/";
          // Everything between "://" and the next "/" is taken as the domain
          var domain = href.replace(
            /^http[s]*:\/\/(.*?)\/.*$/i, "$1");
          // Strip leading "www." prefixes
          var middle = domain.replace(
            /^(www.)*(.*)/i, "$2");

          // Capitalize the first letter
          return middle.substring(0,1).toUpperCase() +
            middle.substring(1,middle.length);
      Phishing URL:
          http://www.google.com:xxx@bad.com


  35. 1Password phishing attack
      [Diagram; labels: Server, 1Password, session, Google, User, Phishing URL, password, Attacker]
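An added example, not part of the original slides or of either product's code: the two URLs from the slides run through the slides' regexes and through the platform `URL` parser, with an exact-origin credential lookup as the hardened form. `SAMPLE_DB`, `siteOrigin`, `hasUserinfo`, `findCredential` and `audit` are hypothetical names, and the credential store is constructed.

```javascript
// parseUri pattern, copied from the slide.
const PARSE_URI = /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/;

// Host as the parseUri pattern sees it (capture group 6).
function parseUriHost(href) {
  const m = PARSE_URI.exec(href);
  return m && m[6] !== undefined ? m[6] : "";
}

// Domain label as computed by the extension code on the slide
// (same regexes, wrapped in a function so it can be called here).
function regexDomainLabel(locationHref) {
  const href = locationHref + "/";
  const domain = href.replace(/^http[s]*:\/\/(.*?)\/.*$/i, "$1");
  const middle = domain.replace(/^(www.)*(.*)/i, "$2");
  return middle.substring(0, 1).toUpperCase() + middle.substring(1, middle.length);
}

// Hardened key: the origin the browser itself will connect to.
function siteOrigin(href) {
  const u = new URL(href); // throws TypeError on unparsable input
  if (u.protocol !== "https:" && u.protocol !== "http:") {
    throw new TypeError("unsupported scheme: " + u.protocol);
  }
  return u.origin; // scheme://host[:port]; userinfo, path and fragment excluded
}

// Userinfo in a page URL is a reason to refuse autofill outright.
function hasUserinfo(href) {
  const u = new URL(href);
  return u.username !== "" || u.password !== "";
}

// Constructed credential store keyed by exact origin (hypothetical layout).
const SAMPLE_DB = new Map([
  ["https://accounts.google.com", { user: "alice", secret: "<sealed>" }],
]);

function findCredential(db, href) {
  if (hasUserinfo(href)) return null;
  return db.get(siteOrigin(href)) || null;
}

// Regression check for URL-matching code: does each regex agree with the
// browser's own parser about which host the page belongs to?
function audit(href) {
  const browserHost = new URL(href).hostname;
  const viaParseUri = parseUriHost(href);
  const label = regexDomainLabel(href);
  return {
    href,
    browserHost,
    parseUriHost: viaParseUri,
    parseUriAgrees: viaParseUri === browserHost,
    regexLabel: label,
    regexLabelAgrees: label.toLowerCase() === browserHost,
  };
}

// The two URLs shown on the slides.
const PAGE_URLS = [
  "http://bad.com/#@accounts.google.com",
  "http://www.google.com:xxx@bad.com",
];
for (const href of PAGE_URLS) {
  console.log(audit(href), "credential:", findCredential(SAMPLE_DB, href));
}
```

Each regex gets one of the two URLs right and the other wrong, which is why the lookup keys on `URL.origin` instead of a hand-written pattern.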


  38. Code/data separation
      Web interfaces
      ◮ Hard to maintain client-side decryption due to JavaScript limitations.
      ◮ Login form exposed to web attacks.
      ◮ Decryption in the same scope as various GUI and user data.


  41. SpiderOak
      [Diagram; labels: User, SpiderOak, Attacker, Server, JSONP query, session, JSON listing, JSON listing]


  44. SpiderOak
      Query:
          https://spideroak.com/storage/<u32>/?callback=f
      Result:
          f({
            "stats": {
              "firstname": "...",
              "lastname": "...",
              "devices": ...,
            },
            "devices": [
              ["pc1", "pc1/"],["laptop", "laptop/"],...
            ]
          })

  45. SpiderOak
      Query:
          https://spideroak.com/storage/<u32>/shares
      Result:
          {
            "share_rooms" : [
              "url" : "/browse/share/<id>/<key>",
              "room_key" : "<key>",
              "room_description" : "" ,
              "room_name": "<room>"
            ],
            "share_id" : "<id>",
            "share_id_b32" : "<u32>"
          }

  46. Key management
      A difficult challenge
      ◮ All applications implement some form of sharing.
      ◮ Full database vs per-entry dilemma.
      ◮ Bias towards features rather than security.


  49. LastPass login bookmarklet
      [Diagram; labels: s, Server, Bookmarklet, D, Enc_{s,r}(K), r, session, session intention, K, User, rootkit, K, App Website, Attacker]


  55. Key recovery by rootkitting
          function _LP_START() {
            _LP = new _LP_CONTAINER();
            var d = {<encrypted form data>};
            _LP.setVars(d, '<user>',
              '<encrypted_key>', _LASTPASS_RAND, ...);
            _LP.bmMulti(null, null);
          }
      Ben Adida, Adam Barth and Collin Jackson. Rootkits for JavaScript environments. WOOT'2009.

  56. Defensive JavaScript
      Challenges of JavaScript static analysis
      ◮ Implicit initialization and global definition of undeclared variables.
      ◮ Dynamic property access and creation.
      ◮ Weak, dynamic types (1+"x", "1.1"==1.1), implicit function calls for conversions (valueOf, toString).
      ◮ No distinction between functions, methods and constructors.
      ◮ No static scoping (this, with).
      ◮ Prototype chain inheritance, redefinable prototypes for base objects.
      ◮ Getters and setters.

  63. Attacks to defend against

      Scoping problem

      Undeclared variables are implicitly global.

      Attack example

          function _LP_START() {
            _LP = new _LP_CONTAINER();
            var d = {<encrypted form data>};
            _LP.setVars(d, '<user>',
              '<encrypted_key>', _LASTPASS_RAND, ...);
            _LP.bmMulti(null, null);
          }

  64. Scoping problem

      Solution

      ◮ We use a monomorphic type inference system.
      ◮ We forbid features that break lexical scoping: arguments.caller, with(o)
      ◮ We need to distinguish functions and methods.

  67. Attacks to defend against

      Implicit function calls

      Some type casts implicitly call redefinable functions.

      Attack example

          // Attacker
          Object.prototype.valueOf =
            function(){steal(this.secret)};
          // Unsafe code
          a = {secret:"x"} + 1

  68. Implicit function calls

      Solution

      ◮ Monomorphic operators.
      ◮ Exceptions for safe typecasts (logical negation).

  70. Attacks to defend against

      Source code leaks

      The source of functions published to the page is public.

      Attack example

          // Attacker
          window.registerEventListener =
            function(t,f){steal(f+'')};
          // Unsafe code
          window.registerEventListener("message",
            function(m)
            {
              if(m=="secret") doAction();
            }
          );

  71. Source code leaks

      Solution

      Functions posted to the page must be wrapped in a function defined inside a with literal:

          with({f:function(m){if(m=="secret") g();}})
          registerEventListener("message",
            function(m){return f(m);}
          );

  72. Attacks to defend against

      Prototype poisoning

      Accessing or creating a non-literal property can cause calls to prototype functions.

      Attack example

          // Attacker
          Object.prototype.__defineSetter__("secret",
            function(v){steal(v);}
          );
          // Unsafe code
          var o = {};
          o.secret = 123;

  73. Prototype poisoning

      Solution

      ◮ Completely literal definition of objects and arrays.
      ◮ No dynamic accessor (main restriction).
      ◮ Type inference infers the minimal set of properties that must be defined in an object.
      ◮ When applied to a literal object, verify that the object signatures are compatible.
      ◮ For arrays, check bounds on length.
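
The contrast behind the first rule above, as an added example that is not from the slides: a setter planted on `Object.prototype` intercepts a property created by assignment, but not one defined in an object literal. The helper names are hypothetical, and `Object.defineProperty` stands in for the slide's `__defineSetter__`.

```javascript
// Added example; helper names are hypothetical and values are constructed.

// Plant a setter on Object.prototype, as hostile code sharing the page could,
// run `body`, then remove the setter. Returns every value the setter saw.
function withPoisonedSetter(name, body) {
  const seen = [];
  Object.defineProperty(Object.prototype, name, {
    configurable: true, // so the finally block can undo the poisoning
    set(v) { seen.push(v); },
  });
  try {
    body();
  } finally {
    delete Object.prototype[name];
  }
  return seen;
}

// Pattern the subset rejects: the property is created by assignment.
// Assignment walks the prototype chain, finds the planted setter and calls it
// instead of creating an own property on `o`.
function assignAfterCreation() {
  let own = null;
  const seen = withPoisonedSetter("secret", () => {
    const o = {};
    o.secret = 123;
    own = Object.prototype.hasOwnProperty.call(o, "secret");
  });
  return { leaked: seen.length, own };
}

// Pattern the subset requires: a completely literal definition.
// An object literal defines an own data property directly, so the
// prototype chain is never consulted and the setter never runs.
function literalDefinition() {
  let own = null;
  let value = null;
  const seen = withPoisonedSetter("secret", () => {
    const o = { secret: 123 };
    own = Object.prototype.hasOwnProperty.call(o, "secret");
    value = o.secret;
  });
  return { leaked: seen.length, own, value };
}
```
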

  78. Attacks to defend against

      Functions and methods

      A method used outside an object binds this to the global object.

      Attack example

          // Unsafe code
          with({secret: "x",
            f:function(){this.secret = "y"}})
          (function(){ var g = f; g()})();

  79. Functions and methods

      Solution

      ◮ Two sets of rules for functions and methods (if this is used).
      ◮ Methods have an additional condition: the object in which they are defined must have a signature compatible with the set of properties of this used in the function.
      ◮ Annoying special case for with-bound methods.

  82. Type system

$$
\begin{array}{rcll}
\langle\tau\rangle & ::= & \text{number} \mid \text{boolean} \mid \text{string} \mid \text{undefined} & \\
 & \mid & \alpha, \beta & \text{Type variable} \\
 & \mid & \tilde{\tau} \to \tau & \text{Arrow} \\
 & \mid & \tilde{\tau}[\rho] \to \tau & \text{Method} \\
 & \mid & [\tau]_{n} & \text{Final array} \\
 & \mid & [\tau]_{\geq k} & \text{Array schema} \\
 & \mid & \rho^{*} & \text{Final object} \\
 & \mid & \rho & \text{Object schema} \\[4pt]
\langle\rho\rangle & ::= & \{\, l_1 : \tau_1, \ldots, l_n : \tau_n \,\} &
\end{array}
$$

  83. Scoping: function rule

$$
\frac{
\begin{array}{c}
body = (\texttt{var}\ y_1 = e_1, \ldots, y_m = e_m;\ s;\ \texttt{return}\ r) \\
\lambda = \mathrm{fresh}() \qquad \tilde{\alpha} = \mathrm{fresh}() \\
\forall j \leq m,\quad \Gamma, f : \lambda, \tilde{x} : \tilde{\alpha}, (y_i : \mu_i)_{i<j} \vdash e_j : \mu_j \\
\Gamma, f : \lambda, \tilde{x} : \tilde{\alpha}, \tilde{y} : \tilde{\mu} \vdash s : \text{undefined};\ r : \tau_r \\
U(\lambda, \tilde{\alpha} \to \tau_r)
\end{array}
}{
\Gamma \vdash \texttt{function}\ f(\tilde{x})\,\{\,body\,\} : \tilde{\alpha} \to \tau_r
}\ \text{Fun}
$$

  84. Object and Array accessors

$$
\frac{\tau = \mathrm{fresh}() \qquad \Gamma \vdash e : \sigma \qquad U(\{ l : \tau \}, \sigma)}{\Gamma \vdash e.l : \tau}\ \text{PropR}
$$

$$
\frac{\tau = \mathrm{fresh}() \qquad \Gamma \vdash e : \sigma \qquad U([\tau]_{\geq n+1}, \sigma)}{\Gamma \vdash e[n] : \tau}\ \text{ArrR}
$$

  85. Dynamic accessors

      Adding dynamic checks

      It's impossible to program without dynamic array accessors. We introduce a dynamic check that can be safely typed:

          ⟨dyn_accessor⟩ ::=
            | (⟨x⟩ = @identifier) '[' ⟨expression⟩ '&' @posint '%' ⟨x⟩ '.length ]'
            | @identifier '[' ⟨expression⟩ '&' @posint ']'

$$
\frac{\Gamma \vdash x : [\tau]_{\geq 1} \qquad \Gamma \vdash e : \text{int} \qquad n \in \mathbb{N}^{*}}{\Gamma \vdash x[e \mathbin{\&} n \mathbin{\%} x.\text{length}] : \tau}
$$

$$
\frac{\Gamma \vdash x : [\tau]_{\geq n} \qquad \Gamma \vdash e : \text{int} \qquad n \equiv 0\ [2]}{\Gamma \vdash x[e \mathbin{\&} n] : \tau}
$$
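
An added example (not from the slides) of why the first checked form is safe: an unchecked out-of-bounds read falls through to `Array.prototype`, where a planted getter runs, while `e & n % x.length` always selects an own element of a non-empty array. Function names, the 4-element array and the mask 3 are constructed for the illustration.

```javascript
// Added example; function names and sample values are constructed.

// Index computed by the checked accessor x[e & n % x.length].
// `%` binds tighter than `&`, so this is e & (n % length).
function checkedIndex(e, n, length) {
  return e & n % length;
}

// True if the checked index is a valid own index for every integer e in
// [lo, hi], every positive n up to maxN and every length from 1 to maxLen.
function alwaysInBounds(lo, hi, maxN, maxLen) {
  for (let length = 1; length <= maxLen; length++) {
    for (let n = 1; n <= maxN; n++) {
      for (let e = lo; e <= hi; e++) {
        const i = checkedIndex(e, n, length);
        if (i < 0 || i >= length) return false;
      }
    }
  }
  return true;
}

// Read from a 4-element array while a getter is planted on Array.prototype
// at `index`, either directly (x[index]) or through the checked accessor.
// Reports the value read and whether the planted getter ran.
function readUnderPoisoning(index, useCheck) {
  const x = [10, 20, 30, 40];
  const key = String(index);
  let getterRan = false;
  Object.defineProperty(Array.prototype, key, {
    configurable: true, // so the finally block can remove it again
    get() { getterRan = true; return "attacker value"; },
  });
  try {
    const value = useCheck ? x[index & 3 % x.length] : x[index];
    return { value, getterRan };
  } finally {
    delete Array.prototype[key];
  }
}
```

The check bounds the index; it only behaves like a true modulo when the array length is a power of two and the mask is the length minus one, as with the 4-element array and mask 3 here.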

  86. Applications

      Implementation

      ◮ We implemented a JavaScript parser and our type system in OCaml.
      ◮ We implemented defensive versions of HMAC-SHA-256 and AES-256-CBC and ensured that they were well-typed in our system.
      ◮ We used these primitives to build a safe version of the LastPass bookmarklet.
