Object Capability Security
Rafael Ferreira
[Diagrams: Document, Macro, Ambient, Addressbook]
[Diagrams: Farm Wars, Mafia Ville, Ambient]
[Diagrams: Untrusted, Ambient, X, Sandbox]
OBJECTS
How do objects meet?
Parenthood
var Creature = function () {...}
var TheCreator = {
  make: function() {
    var creature = new Creature
  }
}
Endowment
make: function() {
  var reference = ...
  var newObject = {
    ...
    var copy = reference
  }
}
Introduction
meet: function() {
  var someObject = ...
  var otherObject = ...
  someObject.doSomething(otherObject)
}
Ambient
this.reference = window.document.getElementById("farmWarsDiv")
X
Only connectivity begets connectivity
[Diagrams: Document, Macro, Ambient, Addressbook, Text Editor]
Object Capability
· Memory Safety
· No global actions
· No magic objects
· Encapsulation
The reference graph is the access graph
[Diagrams: Farm Wars, Mafia Ville, Ambient; Hostpage, <div>, WidgetArea, Mafia Ville, Farm Wars]
JavaScript
Google Caja
Secure JavaScript
EcmaScript.Next
Still Unsafe
Can be secured
· “use strict;”
· Object.freeze
· Module System
· Safe Eval
· Proxies
Caretaker
StatusUpdater = { updateStatus: function(message) {...} }
[Diagrams: Hostpage, Widget, StatusUpdater, Proxy, Gate]
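The Caretaker slides as a runnable sketch: the Hostpage hands the Widget a frozen Proxy for the StatusUpdater and keeps the Gate that revokes it. This is an added example, not code from the original deck; StatusUpdater, updateStatus, Proxy and Gate come from the slides, while makeCaretaker, makeStatusUpdater, makeWidget and demo are hypothetical names.

```javascript
"use strict";

// Caretaker: a revocable forwarder. The widget only ever holds `proxy`;
// the host page keeps `gate` and can cut the connection at any time.
function makeCaretaker(target) {
  let current = target; // private: reachable only through these closures
  const proxy = Object.freeze({
    updateStatus(message) {
      if (current === null) throw new Error("capability revoked");
      // Forward data only: coerce to a string and return nothing, so no
      // object reference crosses the boundary in either direction.
      current.updateStatus(String(message));
    },
  });
  const gate = Object.freeze({
    revoke() { current = null; },
  });
  return { proxy, gate };
}

// Host page side (constructed stand-in for the real StatusUpdater).
function makeStatusUpdater() {
  const log = [];
  return {
    updateStatus(message) { log.push(message); },
    history() { return log.slice(); }, // host-only; the proxy does not forward it
  };
}

// Untrusted widget: receives its authority by introduction (an argument),
// not by reaching for window or any other global.
function makeWidget(statusUpdater) {
  return Object.freeze({
    play() { statusUpdater.updateStatus("harvested 3 crops"); },
  });
}

function demo() {
  const updater = makeStatusUpdater();
  const { proxy, gate } = makeCaretaker(updater);
  const widget = makeWidget(proxy);
  widget.play(); // allowed: the gate is open
  gate.revoke(); // host page withdraws the capability
  let blocked = false;
  try { widget.play(); } catch (e) { blocked = true; }
  return { history: updater.history(), blocked, leaked: "history" in proxy };
}
```

Because the proxy is frozen and exposes only updateStatus, the widget's reachable authority is exactly that one method until the gate is closed.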
Thank you
@rafaeldff