
Live Labs Web Sandbox: Securing Mash-Ups, Site Extensibility, And Gadgets

TL29. Live Labs Web Sandbox: Securing Mash-Ups, Site Extensibility, And Gadgets.  Scott Isaacs Software Architect Microsoft Corporation.  Dragos Manolescu Program Manager Microsoft Corporation. Agenda. Web security – overview and history Introducing the Web Sandbox


Presentation Transcript


  1. TL29 Live Labs Web Sandbox: Securing Mash-Ups, Site Extensibility, And Gadgets  Scott Isaacs Software Architect Microsoft Corporation  Dragos Manolescu Program Manager Microsoft Corporation

  2. Agenda • Web security – overview and history • Introducing the Web Sandbox • Kicking the tires • Getting involved • and lots of demos

  3. How The Web Works
      <div id="sitemeter" class="plain">
      <!--WEBBOT bot="HTMLMarkup" startspan ALT="Site Meter" -->
      <script type="text/javascript" language="JavaScript">var site="s15gizmodo"</script>
      <script type="text/javascript" language="JavaScript1.2" src="http://s15.sitemeter.com/js/counter.js?site=s15gizmodo">
      </script>

  4. Failure Should Not Be An Option

  5. announcing Web Sandbox: A Tech Preview

  6. History • Technology dates back to the 90s • Started with hit counters (images) • Transition to affiliate programs • Web 2.0 mash-ups: low-cost innovation • Sites want to become “platforms” • All suffer the same fate

  7. A Scary Problem • Mashing up third-party content • What does this mean for the site? • What does this mean for the user? • but everyone wants a “partner” • A challenging environment • Only as reliable as the weakest link • Users pay the cost

  8. This is one of the most damaging problems on the Web – security expert RSnake

  9. State Of The Art (Before Today) • Ignore the problem • IFrame the problem • Too much isolation without security • Redirects, installers, history, clickjacking, etc • First Generation Solutions (FBJS…) • A new programming model • None address Quality of Service (QoS)

  10. Where Do We Need To Go? • Think outside the box – literally • Beyond gadgets • Site extensibility • Componentization model • Richer advertising • Control the trust model • Protect the overall experience

  11. The Opportunity • Goal: Secure Web 2.0 • Industry-wide focus • ECMA Security Working Group • AdSafe, Caja… • Work together to define the standard • Enter the Live Labs Web Sandbox

  12. demo Web Sandbox 101

  13. No IFrames were abused…

  14. Architecture 101 – The Big Picture [Diagram labels: Trusted Host; Requested Content (untrusted); Virtual Machine; Sandboxed Execution (×2); Transformation Pipeline; Untrusted Content; Virtualized Code]

  15. The Browser Challenge • Support for all modern browsers • No browser extensions required • Provides cross-browser consistency • Why not develop a plug-in? • Users must not opt-into security • Ubiquity versus deployment

  16. The Philosophy • Change function: Success = Customer Pain / Total Perceived Pain of Adoption • Use the materials in the room • No new APIs or language • No gadget SDK required

  17. demo Web Sandbox 201

  18. Going Beyond Security • Standards-based • JavaScript “good” and “bad” parts • Processing Model • Automatic multi-instancing • Code throttling • QoS monitoring

  19. demo Web Sandbox: Graduation

  20. Why Is QoS Hard? • Lack of isolation • Increased surface area • Testing challenges • Unintentional conflicts • No feedback loop • Single point of failure

  21. demo Grad School: Infinite Is A Big Number…

  22. The Fine Print • Goal: Support 99% of the language • Work in progress • HTML must be well-formed • document.write • JavaScript with statement • XML Proxy is not yet enabled • Dynamic loading of external scripts • Silverlight and Flash Support

  23. The Finer Print • Trade-offs • Performance: 1.5 – 4x • Intermediate transformation step • More difficult debugging (?debug=true flag) • The 1%: API Limitations • No arbitrary code “eval”uation • Addressable with native support

  24. demo Privacy: It’s My History

  25. Architecture 101 – The Big Picture [Diagram labels: Trusted Host; Requested Content (untrusted); Virtual Machine; Sandboxed Execution (×2); Transformation Pipeline; Untrusted Content; Virtualized Code]

  26. Transformation Pipeline [Diagram labels: Ready to Run!; Untrusted Content; HTML to JSON; CSS to JSON; Transform all Scripts; Package With Script]

  27. Sandbox Execution [Diagram labels: Ready to Run!; Sandbox Instance (×3); Code Invocations; Monitor QoS; Interception Layer; Type and Apply Rule]
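
The pieces named on the Sandbox Execution slide (separate sandbox instances, an interception layer that applies a rule per member, and QoS monitoring) can be sketched as follows. This is an added example, not Web Sandbox code or the presenters' implementation: a JavaScript `Proxy` stands in for the script rewriting the talk describes, and `createSandbox`, `GADGET_POLICY`, `runGuest` and the operation budget are hypothetical names.

```javascript
// Added illustration, not Web Sandbox source. Every name here is hypothetical.
class QosExceeded extends Error {}

// Policy: one rule per host member the guest may see. A Map keeps inherited
// keys such as "constructor" or "__proto__" from being mistaken for rules.
const GADGET_POLICY = new Map([
  ["title",  { type: "property", read: true,  write: true  }],
  ["cookie", { type: "property", read: false, write: false }],
  ["log",    { type: "method" }],
]);

function createSandbox(host, policy, maxOps) {
  let ops = 0;                                  // QoS counter for this instance only
  const state = Object.create(null);            // per-instance copy of writable state
  const charge = () => {
    if (++ops > maxOps) throw new QosExceeded("operation budget exhausted");
  };
  const facade = new Proxy(Object.create(null), {
    get(_target, name) {
      charge();
      const rule = policy.get(name);
      if (!rule) return undefined;              // unlisted members do not exist
      if (rule.type === "method") {
        return (...args) => { charge(); host[name](...args.map(String)); };
      }
      if (!rule.read) return undefined;
      return name in state ? state[name] : host[name];
    },
    set(_target, name, value) {
      charge();
      const rule = policy.get(name);
      if (rule && rule.type === "property" && rule.write) state[name] = String(value);
      return true;                              // denied writes are dropped
    },
  });
  return { facade, state, used: () => ops };
}

// The guest only ever receives the facade. In a real sandbox the script
// rewriting step is what stops it from reaching globals directly.
function runGuest(sandbox, guest) {
  try {
    guest(sandbox.facade);
    return "completed";
  } catch (err) {
    if (err instanceof QosExceeded) return "throttled";
    throw err;
  }
}
```

Only operations that pass through the facade are charged, so a loop that never touches it is outside what this sketch can throttle.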

  28. demo We Rule!

  29. Runtime Communication [Diagram labels: Trusted Host; Requested Content (untrusted); Runtime; Virtual Machine; Sandboxed Execution (×2); Transformation Pipeline; Untrusted Content; Virtualized Code]

  30. Easy Hosting
      <div id="putContentHere"></div>
      <script src="websandbox.js"></script>
      <!-- Use Server Transform -->
      <script src="http://websandbox-code.org/transform.aspx?url=UrlToUntrustedCode&guid=ContentID"></script>
      <script>
        // Create a Sandbox instance
        var sb = new $Sandbox(document.getElementById("putContentHere"), $Policy.Gadget, "ContentID");
        sb.initialize();
      </script>

  31. demo Web Sandbox: DIY

  32. Getting Involved • An Open Project • http://websandbox.livelabs.com • Interactive Documentation • Playground and Samples • Hack us! Break us! Make us feel pain • Community Forums • We want all feedback • Public Full Disclosure Forum • Join us in defining the standard

  33. Evals & Recordings Please fill out your evaluation for this session at: This session will be available as a recording at: www.microsoftpdc.com

  34. Q&A Please use the microphones provided

  35. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
