the browser as a secure platform
play

The Browser as a Secure Platform for Loosely Coupled, Private-Data - PowerPoint PPT Presentation

Aug 19, 2023 •560 likes •745 views

The Browser as a Secure Platform for Loosely Coupled, Private-Data Mashups Ben Adida C enter for R esearch on C omputation and S ociety Harvard University 24 May 2007 web mashups : interesting combinations. Aggressive web 2.0

  1. The Browser as a Secure Platform for Loosely Coupled, Private-Data Mashups Ben Adida C enter for R esearch on C omputation and S ociety Harvard University 24 May 2007

  2. web mashups : interesting combinations.

  3. Aggressive “web 2.0” development will continue. Can we make the browser a better platform?

  4. Service #1 Service #2 • mashup service selects Mashup which sources to combine. Service • all data flows through the mashup service. • (most of) mashup logic on the mashup server. great for public data services

  5. web applications increasingly manage private data

  6. Mashup Service #1 Service #2 Service • authentication handled independently by each service • no data flows through the mashup service • logic runs in the browser. more interesting for private data.

  7. Mashup Service Service #1 Service #2 • Service #2 is “injected” into Service #1 • loose coupling : Service #2 doesn’t necessarily know about Service #1 ahead of time. • using a bookmarklet or a browser extension

  8. del.icio.us

  12. Problems • bookmarklet runs in current page’s context unstable API - bad for stability and security. • bookmarklet limited to on-the-fly downloads vulnerable to pharming attacks. • extension has full control over all browsing requires significant trust in extension!

  13. Suggested Enhancements

  14. 1. JavaScript Isolation with_cleanslate { // access DOM // call standard JavaScript API // ... }

  15. 2. Fine-Grained Permissions • Limited Awakening: extension takes control only when the user invokes it. • Limited Network Access: extension can access only hosts on which it is invoked.

  16. 3. Metadata-Mediated Extensions • web services contain structured data. • the data type triggers 1a 1b 1c Service #2 the appropriate extension. structured data • the extension can contact (microformat, RDFa,...) its own web-based service. • (extension may not even need to contact 1a, 1b, 1c.) watch for the Operator FF Extension

  17. Browser = Platform • Isolation • Fine-Grained Permissions • Structured Data for Inter-Application Communication Enhancements are backwards-compatible with today’s web

  18. http://flickr.com/photos/hollywoodpoodle/373053089/ Questions? http://ben.adida.net/presentations/

Recommend

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard girard.d@sfeir.com Sfeir CTO Member of OSSGTP Before starting, some questions Who knows javascript ? Who is a javascript expert ? Who knows java ?

1.57k views • 93 slides
Run Any Software in a Browser NVIDIA GTC, April 7, 2016 What is Frame? Frame is a secure cloud

Run Any Software in a Browser NVIDIA GTC, April 7, 2016 What is Frame? Frame is a secure cloud

Run Any Software in a Browser NVIDIA GTC, April 7, 2016 What is Frame? Frame is a secure cloud platform that lets organizations deliver amazing experiences and workflows to users on all connected devices . Pixels user input Confidential Why

540 views • 21 slides
Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web

Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web

Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web Web WebGL Socket Worker Optimized Parallel Hardware Communication Acceleration Processing Channel Web Workers JaHOVA OS Internal APIs

957 views • 38 slides
Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser workshop, 24-25 May 2011, Mountain View Mark Watson, Mitch Zollinger, Wesley Miaw 1

327 views • 9 slides
Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio

Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio

Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio Martinelli CNR Raul Riesco Granadino INCIBE (Chairs) NIS Platform WG3 Secure ICT Research & Innovation Outline WG3 Main deliverables

392 views • 17 slides
jsprobes cross-platform browser instrumentation using JavaScript Brian Burg (@brrian /

jsprobes cross-platform browser instrumentation using JavaScript Brian Burg (@brrian /

jsprobes cross-platform browser instrumentation using JavaScript Brian Burg (@brrian / burg@cs.uw.edu) Background: browser research template 1 2 3

781 views • 23 slides
Virtels Browser -Based 3270 Terminal Emulation Working from Home: Virtels Secure 3270 TE

Virtels Browser -Based 3270 Terminal Emulation Working from Home: Virtels Secure 3270 TE

Webinar Working from Home with Virtels Browser -Based 3270 Terminal Emulation Working from Home: Virtels Secure 3270 TE Limited Time Offer Shelter-in-place Plan Our Offer Everyone works from home Virtel Web Access = browser-based

219 views • 21 slides
Student Presentation WHO ARE TURBULENZ? US 1 A revolutionary new gaming platform based entirely

Student Presentation WHO ARE TURBULENZ? US 1 A revolutionary new gaming platform based entirely

Student Presentation WHO ARE TURBULENZ? US 1 A revolutionary new gaming platform based entirely in the browser. 2 One of the fastest growing gaming technology companies in the world. 2011 PUBLIC LAUNCH A new generation of browser games

434 views • 7 slides
Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc.

Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc.

Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc. Beginnings A new browser... a new opportunity A modern platform for web applications Objective: An Invisible Browser Deliver a transparent experience:

557 views • 9 slides
Secure Web Applications with AWA Stphane Carrez FOSDEM 2019 What is a Web Application

Secure Web Applications with AWA Stphane Carrez FOSDEM 2019 What is a Web Application

Secure Web Applications with AWA Stphane Carrez FOSDEM 2019 What is a Web Application Client server program with browser as client Examples: Gmail, Dropbox, Netflix, Zoho,... Server Server Database Client Front Back Browser End

1.09k views • 34 slides
SECURE ENTERPRISE MOBILITY CONTENT PLATFORM AGENDA About us Solution overview

SECURE ENTERPRISE MOBILITY CONTENT PLATFORM AGENDA About us Solution overview

ANY DEVICE ANY STORAGE ONE PLATFORM SECURE ENTERPRISE MOBILITY CONTENT PLATFORM AGENDA About us Solution overview Supported platforms Use cases Contacts ABOUT US ABOUT CLOUDFUZE CloudFuze Inc. Founded in 2012 Based in

655 views • 24 slides
Browser as Renderer W3C Paris, 2013 Adam Hyde Book Sprint Facilitator, Platform Designer

Browser as Renderer W3C Paris, 2013 Adam Hyde Book Sprint Facilitator, Platform Designer

Browser as Renderer W3C Paris, 2013 Adam Hyde Book Sprint Facilitator, Platform Designer www.adamhyde.net www.adamhyde.net Browser as Renderer www.adamhyde.net Browser as Renderer Book Sprints, zero to book in 3-5 days

225 views • 9 slides
A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18,

A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18,

A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18, 2011 Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 1 / 21 Outline Introduction 1 Design 2 3 Implementation

424 views • 24 slides
Secure Data Sharing and Distribution Platform for Integrated Big Data Utilization - Handling all

Secure Data Sharing and Distribution Platform for Integrated Big Data Utilization - Handling all

Secure Data Sharing and Distribution Platform for Integrated Big Data Utilization Oct.2015-Mar.2021 funded by Japan Science and Technology Agency Secure Data Sharing and Distribution Platform for Integrated Big Data Utilization - Handling all

312 views • 17 slides
The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex

The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex

The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex Moshchuk, Sam King, Piali Choudhury, Herman Venter Browser as an application platform Single stop for many computing needs banking,

850 views • 30 slides
Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin? Security indicator only in the content region Notice that it is used for personal data that should be secure No access to the location or

933 views • 21 slides
Web/Browser-Based Platform Theater - Scientific Sessions Poster Hall CoLabs Attendee Login

Web/Browser-Based Platform Theater - Scientific Sessions Poster Hall CoLabs Attendee Login

Web/Browser-Based Platform Theater - Scientific Sessions Poster Hall CoLabs Attendee Login Lobby Help Desk Games Resource Exhibit Hall Center Networking Lounge - group chats Lobby Environment ISSCR Example Exhibit Hall

500 views • 15 slides
Web Interface for Secure Decentralized Collaboration Platform Rehan Mulakhel EPFL 2017-06-21

Web Interface for Secure Decentralized Collaboration Platform Rehan Mulakhel EPFL 2017-06-21

Web Interface for Secure Decentralized Collaboration Platform Rehan Mulakhel EPFL 2017-06-21 Outline Introduction Architecture The tools used Issues Rights File System Future Work (http://shareaza.sourceforge.net/mediawiki/index.php/P2P

661 views • 21 slides
PLATFORM that adapts to your needs Technical documentation Designed in France, Whaller is a

PLATFORM that adapts to your needs Technical documentation Designed in France, Whaller is a

The secure collaborative PLATFORM that adapts to your needs Technical documentation Designed in France, Whaller is a simple, yet rich, collaborative solution that allows organizations to create their own secure, tailor-made social networks.

845 views • 38 slides
A Flight Delay Reporting and Analysis Platform Through Secure Information Sharing Guney Guner,

A Flight Delay Reporting and Analysis Platform Through Secure Information Sharing Guney Guner,

A Flight Delay Reporting and Analysis Platform Through Secure Information Sharing Guney Guner, Baris Baspinar, Emre Koyuncu , Gokhan Inalhan, Massimiliano Zanin, Vaishali Mirchandani, Alberto Enrich Gonzalez, Julio Cesar Triana Castillo,

808 views • 26 slides
Over the Edge: Silently Owning Windows 10's Secure Browser Erik Bosman , Kaveh Razavi, Herbert

Over the Edge: Silently Owning Windows 10's Secure Browser Erik Bosman , Kaveh Razavi, Herbert

Over the Edge: Silently Owning Windows 10's Secure Browser Erik Bosman , Kaveh Razavi, Herbert Bos and Cristiano Giu ff rida This presentation: Deduplication (software side-channel) 1 This presentation: Deduplication (software side-channel)

1.87k views • 129 slides
How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
A Secure Data Enclave and Analytics Platform For Social Scientists Yadu N. Babuji, Kyle Chard,

A Secure Data Enclave and Analytics Platform For Social Scientists Yadu N. Babuji, Kyle Chard,

A Secure Data Enclave and Analytics Platform For Social Scientists Yadu N. Babuji, Kyle Chard, Aaron Gerow, & Eamon Duede Computation Institute, The University of Chicago and Argonne National Laboratory

473 views • 24 slides
ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser Leo Meyerovich Benjamin Livshits UC Berkeley Microsoft Research Web Programmability Platform openid.net yelp.com adsense.com Google maps 2

727 views • 41 slides

More recommend