Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Published byLindsay Barber Modified over 9 years ago

Similar presentations

Presentation on theme: "Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)"— Presentation transcript:

1 Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

2  External third-party JS code embedded to hosting pages, e.g., ads, widgets, analysis tools  Run with the same privilege of the hosting page  Security issues:  Malicious third-party code  Trusted third-party is compromised  Confidentiality, integrity, and other security risks 1

3  Server-side pre-processing of untrusted code to ensure the code is in a safe subset  Transformation, e.g. Caja, BrowserSheild  Code validation, e.g. Adsafe  Iframe isolation  e.g., Adjail, Webjail  Behavioral sandboxing  Browser modification, e.g. ConScript  Client-side security wrappers 2

4  Context  Overview of Self-Protecting JavaScript  Goals  Two-tier sandbox architecture  Technical approach  Validation  Summary and further work 3

5  Intercept JavaScript security- relevant actions with policies by wrappers  control or modify the bad behaviour  The method works since we only try to control built-in calls 4

6  Easy of deployment  No browser modification nor user installation  Non-invasive: no difficulties with dynamic- generated JavaScript code  Focus on code behavior, not code integrity  does not parse or transform the code  Can enforce application-specific, fine-grained policies at runtime, e.g.:  limit the number of popup to 3  Disallow send after cookie read 5

7 Self-Protecting JavaScript Code TRUSTED UNTRUSTED 6  No privilege distinguish between hosting code and external code Hosting code external code

8  Deploy SPJS in the context of untrusted JS  Load and execute untrusted code without pre- processing the code  No browser modification is required  Enforce modular and fined-grained, stateful security policies for a piece of untrusted code  Protect the hosting page from untrusted code  Robust to potential flaws in security policies  Bad written policies might not break security 7

9  Use Secure ECMAScript (SES) library developed by Google Caja team (Miller et al)  Load a piece of code to execute within an isolated environment ▪ The code can only interact with the outside world via a provided API 8 var api = {...}; //constructing var makeSandbox = cajaVM.compileModule(untrustedCodeSrc); var sandboxed = makeSandbox(api);

10  API implementation  Can enforce coarse-grained, generic policies, e.g.: ▪ Sanitize HTML ▪ Ensure complete mediation  More fine-grained policies are needed for multiple untrusted code  Modular, principal-specific, e.g.: script1 is allowed to read/write reg_A, script2 is allowed to read reg_A  Stafeful, e.g.: limit the number of popups to 3  Cross-principal stateful policies, e.g: after script1 write to reg_A, disallow access from script2 to reg_A 9

11 API/policy 2 API/policy 1 untrusted API/policy 3 untrusted API implementation is complex, difficult and error-prone to specify application-specific policy within API 10/40

12 11 var api = loadAPI(api_url); var outerSandbox = cajaVM.compileModule(policyCode); var enforcedAPI = outerSandbox(api); var innerSandbox = cajaVM.compileModule(untrustedCode); innerSandbox(enforcedAPI);

13 Sandbox running untrusted code, defined in a separate file e.g. `untrusted.js’ Sandbox running policy code, defined in a separate file e.g. `policy.js’ Base-line API implementation, in e.g. `api.js’ file JavaScript environment, e.g. the DOM The untrusted code can only access objects returned by the enforcement sandbox 12

14 Policy 2 Policy 1 untrusted Policy 3 untrusted Base-line API implementation, in e.g. `api.js’ file 13

15  Policy definition is constrained by the outer- sandbox  Even bad written policies can only access the API, not the real DOM  Whitelist (least-privilege) implementation approach  Only properties and objects defined in policies are available to the untrusted code ▪ Only define least-privilege policies to function 14

16  Load and run remote JS code  Server-side proxy + XMLHttpRequest  Base-line API implementation – complete mediation is essential  Proxy API in Harmony ECMAScript  Dynamic loaded code, e.g. document.write(‘ … ’), …  Load and execute the script in the same scope 15

17  The prototype implementation is validated by a number of JS widgets and a context- sensitive web ad  On-going work  In real applications, e.g., Google Maps, Google Analytics, jQuery  Ad networks – advertisement-specific behaviors 16

18  The two-tier sandbox architecture separates API implementation and policy definition  Load and execute a piece of untrusted code in a sandboxed environment controlled by fine- grained, stateful policy enforcement  Further work will focus on practical issues to deploy the architecture to real-world scenarios 17

19 The work is partial funded by the European FP7 project WebSand http://www.websand.euhttp://www.websand.eu This talk, i.e. the trip, is supported the Ericsson Research Foundation With the financial support from the Prevention of and Fight against Crime Programme of the European Union 18

20 19

Download ppt "Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)"

Similar presentations

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.
The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010.

The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010.
0 The Past, Present and Future of XSS Defense Jim Manico 2011 OWASP Brussels.

0 The Past, Present and Future of XSS Defense Jim Manico 2011 OWASP Brussels.
1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America.

1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America.
EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,

EXTENSIBILITY, SAFETY AND PERFORMANCE IN THE SPIN OPERATING SYSTEM B. Bershad, S. Savage, P. Pardyak, E. G. Sirer, D. Becker, M. Fiuczynski, C. Chambers,
Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.

Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
Mitigating Malware Collin Jackson CS142 – Winter 2009.

Mitigating Malware Collin Jackson CS142 – Winter 2009.
Mashup Security by Compilation Tamara Rezk These slides discuss joint work with Zhengqin Luo and Jose Santos February 22 nd, 2013.

Mashup Security by Compilation Tamara Rezk These slides discuss joint work with Zhengqin Luo and Jose Santos February 22 nd, 2013.
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.
IS 360 Course Introduction. Slide 2 What you will Learn (1) The role of Web servers and clients How to create HTML, XHTML, and HTML 5 pages suitable for.

IS 360 Course Introduction. Slide 2 What you will Learn (1) The role of Web servers and clients How to create HTML, XHTML, and HTML 5 pages suitable for.
A problem in IMS Learning Design To promote interoperability, few services Local tool frameworks like LAMS have much richer tool environment –Easy provisioning.

A problem in IMS Learning Design To promote interoperability, few services Local tool frameworks like LAMS have much richer tool environment –Easy provisioning.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
1 Java Server Pages Can web pages be created specially for each user? What part does Java play?

1 Java Server Pages Can web pages be created specially for each user? What part does Java play?
Frame isolation and the same origin policy Collin Jackson CS 142 Winter 2009.

Frame isolation and the same origin policy Collin Jackson CS 142 Winter 2009.
1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.

1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.
Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:

Subspace: Secure Cross-Domain Communication for Web Mashups Collin Jackson Stanford University Helen J. Wang Microsoft Research ACM WWW, May, 2007 Presenter:
Subspace: Secure Cross-Domain Communication for Web Mashups In Proceedings of the 16th International World Wide Web Conference. (WWW), 2007 Collin Jackson,

Subspace: Secure Cross-Domain Communication for Web Mashups In Proceedings of the 16th International World Wide Web Conference. (WWW), 2007 Collin Jackson,

Similar presentations

Ads by Google