cross origin javascript capability leaks detection exploitation and defense
Download
Skip this Video
Download Presentation
Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense

Loading in 2 Seconds...

play fullscreen
1 / 18

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense - PowerPoint PPT Presentation


  • 111 Views
  • Uploaded on

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense. By Adam Barth, Joel Weinberger and Dawn Song. Overview. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection Browser Defense Mechanism. The DOM and Access Control.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense' - cadee


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
cross origin javascript capability leaks detection exploitation and defense

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense

By Adam Barth, Joel Weinberger and Dawn Song

overview
Overview
  • Current JavaScript Security Model
  • Cross-Origin JavaScript Capability Leaks
  • Capability Leak Detection
  • Browser Defense Mechanism
dom vs js engine
DOM vs JS Engine
  • The DOM provides an access control layer
  • The JavaScript engine treats objects as capabilities
overview1
Overview
  • Current JavaScript Security Model
  • Cross-Origin JavaScript Capability Leaks
  • Capability Leak Detection
  • Browser Defense Mechanism
overview2
Overview
  • Current JavaScript Security Model
  • Cross-Origin JavaScript Capability Leaks
  • Capability Leak Detection
  • Browser Defense Mechanism
instrumentation
Instrumentation
  • In the JavaScript Engine object system
  • Object creation, destruction and reference
  • Calls into analysis library
overview3
Overview
  • Current JavaScript Security Model
  • Cross-Origin JavaScript Capability Leaks
  • Capability Leak Detection
  • Browser Defense Mechanism
conclusion
Conclusion
  • Heap Graph Analysis can be used to find vulnerabilities in web browser
  • Web Browser can provide mechanism to eliminate these vulnerabilities
  • Heap Graph Tool and Access Control Prototype for WebKit:
ad