Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources
description
Transcript of Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources
![Page 1: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/1.jpg)
Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources
Benjamin Livshits
UC Berkeley
Leo Meyerovich, David Zhu
![Page 2: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/2.jpg)
Web Application Security
lipstick on a pig?
![Page 3: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/3.jpg)
JIT compilers
partitioned hardware
Not Your Mother’s Browserbrowser kernels
disk
jsvm, network, ...
![Page 4: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/4.jpg)
Mashup Manifesto1. sharing requires control
2. sharing must be natural
3. sharing must be cheap
![Page 5: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/5.jpg)
1. <CoFrame src=http://gadget.com/page id=gadget 2. passthroughBrowser="html css js" 3. delegatePhysical=".1 cpu"/> ...4. var toggle = true; 5. delegateBrowser(“network”, gadget, "http://gadget.com", 6. function () { if (!toggle) throw ‘exn!’; }); 7. function getData() { 8. toggle = false; 9. return "profile data"; } 10. gadget.getData = getData; 11. aroundJS(gadget, getData, “execute”, 12. function proceed (continue) { return continue(); });
![Page 6: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/6.jpg)
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
Alice Bob
__proto__
![Page 7: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/7.jpg)
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
Alice Bob
![Page 8: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/8.jpg)
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
function proceed
execute
function defaultDeny
Messagesexecuteset fld val get fldaddField fld valremoveField fld
Alice Bob
set, get, …aroundJS(Bob, getData, “execute”, function proceed (continue) { return continue(); })
function defaultDeny (continue) { throw ‘err’ }
![Page 9: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/9.jpg)
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
function proceed
execute
function defaultDeny
Messagesexecuteset fld val get fldaddField fld valremoveField fld
Alice Bob
set, …, get
![Page 10: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/10.jpg)
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
function proceed
execute
function defaultDeny
Messagesexecuteset fld val get fldaddField fld valremoveField fld
Alice Bob
execute, set, get, addField, removeField
set, …, get
Cornelia
set, …
![Page 11: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/11.jpg)
browser
Browser API Sharing with Non-Tampering Advice
facebook.com
gadget.com
gadget.com
delegateBrowser(“network”, gadget, "http://gadget.com", function () { if (!toggle) throw ‘exn!’; });
delegation: non-tampering advicefacebook.com
parser, DOM, CSS, ...
![Page 12: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/12.jpg)
Physical Resource Sharing with ROS
disk
layout
render
layout
render
layout
render
… … …
![Page 13: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/13.jpg)
Conclusion
• Abstractions for sharing browser, physical, and JavaScript resources
• Use the browser, OS/hardware, and language runtime
![Page 14: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/14.jpg)
Mashup Manifesto1. sharing requires control
2. sharing must be natural
3. control must be cheap
![Page 15: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/15.jpg)
Related Work
Physical Resource Sharing Resource Containers E Gazelle TessellationOS Chrome
JavaScript Sharing Caja MashupOS Object Views ConScript
Browser API Sharing OP Browser ConScript ServiceOS
![Page 16: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/16.jpg)
backup slides.
![Page 17: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/17.jpg)
![Page 18: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/18.jpg)
Sharing Browser APIs: Today
Facebook.comadvice
DOM (FFI)
![Page 19: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/19.jpg)
Sharing Browser APIs: Tomorrow
Facebook.com
DOM (FFI)
advice
browser
kernel
![Page 20: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/20.jpg)
The Times They Are A-Changin’method-based JIT
trace-based compilationstatic compilation
GPU rendering
parser generator
parallel layout
multicore CSS selectors
parallel parsing
hardware partitioning
hypervisor, microkernel,
browser JIT (C#, X86, …)
browser kernel
solver generator
![Page 21: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/21.jpg)
container.com
gadget.com
BROWSER
![Page 22: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/22.jpg)
container.com
gadget.com
gadget.com
BROWSER
gadgetfork
bomb!!!
YouTubepolicy?
![Page 23: Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources](https://reader036.fdocuments.net/reader036/viewer/2022062310/56816387550346895dd47538/html5/thumbnails/23.jpg)
container.com
gadget.com
gadget.com
BROWSER
A New Hope