Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources

Leo Meyerovich, David Zhu

Benjamin Livshits

UC Berkeley

Web Application Security

lipstick on a pig?

Not Your Mother’s Browser

browser kernels

JIT compilers

partitioned hardware

Mashup Manifesto

sharing requires control

sharing must be natural

sharing must be cheap

What to Share?

Hardware

disk

Browser APIs

parser, DOM, network, ...

JavaScript

<CoFrame src=http://gadget.com/page id=gadget
         passthroughBrowser="html css js"
         delegatePhysical=".1 cpu"/> ...

var toggle = true;

// gadget may use the network for http://gadget.com only while toggle is true
delegateBrowser("network", gadget, "http://gadget.com",
    function () { if (toggle) return true; });

function getData() {
    toggle = false;
    return "profile data";
}

// share getData with gadget; the advice runs the intercepted call
aroundJS(gadget, getData,
    function proceed (cont) { return cont(); });

JS Sharing with Cross-Principal Advice

[Diagram labels: Alice, Bob; Function.prototype, __proto__, function getData]

JS Sharing with Cross-Principal Advice

[Diagram labels: Alice, Bob; Function.prototype, __proto__, function getData]

Messages: execute; set fld val; get fld; addField fld val; removeField fld

Advice on the diagram (labels: execute; set, get, …):

function proceed (cont) { return cont(); }

function defaultDeny (cont) { throw 'err'; }

JS Sharing with Cross-Principal Advice

[Diagram labels: Alice, Bob; Function.prototype, __proto__, function getData]

Messages: execute; set fld val; get fld; addField fld val; removeField fld

Advice on the diagram (labels: execute, get; set, …): function proceed, function defaultDeny

JS Sharing with Cross-Principal Advice

[Diagram labels: Alice, Bob, Cornelia; Function.prototype, __proto__, function getData]

Messages: execute; set fld val; get fld; addField fld val; removeField fld

Advice on the diagram (labels: execute, get; set, …; execute, set, get, addField, removeField): function proceed, function defaultDeny
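
The message model on these slides (execute, set, get, addField, removeField, each guarded by advice such as proceed or defaultDeny) can be approximated in standard JavaScript with a Proxy. This is an added example, not code from the presentation or the authors' system; aroundShared, demo and the mapping of messages to Proxy traps are assumptions made here.

```javascript
// Added example: standard ES Proxy, not the authors' implementation.
// aroundShared and demo are hypothetical names; proceed/defaultDeny follow the slides.
const proceed = (cont) => cont();                        // run the intercepted operation
const defaultDeny = () => { throw new Error('err'); };   // refuse it

// Route each message from the slides through the advice registered for it.
function aroundShared(target, advice) {
  const on = (msg) => advice[msg] || defaultDeny;        // no advice given => deny
  return new Proxy(target, {
    // execute: drop the caller-supplied `this`, pass arguments through
    apply: (t, _self, args) => on('execute')(() => Reflect.apply(t, undefined, args)),
    get: (t, fld) => on('get')(() => Reflect.get(t, fld)),
    set: (t, fld, val) => on('set')(() => Reflect.set(t, fld, val)),
    defineProperty: (t, fld, d) => on('addField')(() => Reflect.defineProperty(t, fld, d)),
    deleteProperty: (t, fld) => on('removeField')(() => Reflect.deleteProperty(t, fld)),
    // Keep __proto__ / Function.prototype out of the other principal's reach.
    getPrototypeOf: () => null,
    // Operations outside the five messages are refused outright, so they
    // cannot be used to bypass the advice (e.g. `new shared()`).
    construct: defaultDeny,
    getOwnPropertyDescriptor: defaultDeny,
    has: defaultDeny,
    ownKeys: defaultDeny,
    setPrototypeOf: defaultDeny,
    preventExtensions: defaultDeny,
  });
}

// Constructed scenario mirroring the deck's getData/toggle snippet.
let toggle = true;
function getData() { toggle = false; return 'profile data'; }

function demo() {
  const shared = aroundShared(getData, { execute: proceed });
  const attempt = (f) => { try { return f(); } catch (e) { return 'denied: ' + e.message; } };
  return {
    execute: attempt(() => shared()),
    get: attempt(() => shared.constructor),      // would otherwise reach Function
    set: attempt(() => { shared.x = 1; return 'ok'; }),
    addField: attempt(() => Object.defineProperty(shared, 'y', { value: 1 })),
    removeField: attempt(() => delete shared.name),
    construct: attempt(() => new shared()),
    proto: Object.getPrototypeOf(shared),
    toggleAfter: toggle,
  };
}

console.log(demo());
```

Only the execute message is granted, so the other principal can call getData but cannot read, write, extend or walk the prototype chain of the function object it was handed.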

Browser API Sharing with Non-Tampering Advice

[Diagram labels: browser; facebook.com; gadget.com; parser, DOM, CSS, ...]

delegation: non-tampering advice

facebook.com

delegateBrowser("network", gadget, "http://gadget.com",
    function () { if (toggle) return true; });

Physical Resource Sharing with TessellationOS

[Diagram labels: disk; render (three instances); layout (three instances)]

Mashup Manifesto

sharing requires control

sharing must be natural

control must be cheap

Related Work

  • JavaScript Sharing
    • Caja
    • MashupOS
    • Object Views
    • ConScript
  • Browser API Sharing
    • OP Browser
    • ConScript
    • ServiceOS
  • Physical Resource Sharing
    • Resource Containers
    • E
    • Gazelle
    • TessellationOS
    • Chrome

Sharing Browser APIs: Today

Facebook.com

advice

DOM (FFI)

Sharing Browser APIs: Tomorrow

Facebook.com

advice

DOM (FFI)

browser kernel

BROWSER

container.com

gadget.com

gadget

fork bomb!!!

YouTube

policy?

BROWSER

container.com

gadget.com

gadget.com

A New Hope

BROWSER

container.com

gadget.com

gadget.com