a secure architecture for untrusted web browser plugins
play

A Secure Architecture for Untrusted Web Browser Plugins Achim - PowerPoint PPT Presentation

Dec 17, 2023 •171 likes •424 views

A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18, 2011 Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 1 / 21 Outline Introduction 1 Design 2 3 Implementation

  1. A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18, 2011 Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 1 / 21

  2. Outline Introduction 1 Design 2 3 Implementation Evaluation 4 Demo 5 Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 2 / 21

  3. Introduction Web browser: ◮ Display web page ◮ Execute JavaScript Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 3 / 21

  4. Introduction Web browser: ◮ Display web page ◮ Execute JavaScript Plugins: ◮ Extend browser functionality ◮ Provided by third-party ◮ Executed in browser context ◮ Netscape Plugin API (NPAPI) Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 3 / 21

  5. Browser Vulnerabilities Plugins to attack web browser Availability Integrity Confidentiality Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 4 / 21

  6. Browser Vulnerabilities Plugins to attack web browser Availability Integrity Confidentiality Threat model Attacker controls web page, plugin Trusted OS, browser, user Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 4 / 21

  7. Goal Create architecture that... allows for multi-media plugins ◮ low latency ◮ high data throughput ◮ low computation overhead ◮ multiple event sources ◮ threading ◮ prioritization prevents attacks on browser security Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 5 / 21

  8. Design Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 6 / 21

  9. Design Design... ... an interface Checkable information flow ... an architecture Provide interface Enforce interface Facilitate multi-media plugins Overview Execution model, host-client interaction, threading library Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 7 / 21

  10. Execution Model Virtual CPU model (vCPU) Resembles physical CPU Sequential execution model Control flow diversion on events Allows for user level threads Allows for synchronization Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 8 / 21

  11. Execution Model Virtual CPU model (vCPU) Resembles physical CPU Sequential execution model Control flow diversion on events Allows for user level threads Allows for synchronization Host-Client Interaction System calls Events Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 8 / 21

  12. Client Threading Library Multi-threading: ◮ preemption ◮ scheduling ◮ prioritization of events and threads ◮ synchronization Dynamic memory Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 9 / 21

  13. Implementation Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 10 / 21

  14. Implementation Tools Ubuntu Linux 9.10 (64bit) C++ / Assembly Implementation separate from the browser Sandboxing vCPU Preemption Thread priorities Event priorities Synchronization System calls User level resume Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 11 / 21

  15. vCPU System Calls Host waits for client changes using waitpid Segmentation fault at specific address Manipulation of client using ptrace Implemented System Calls exit / sleep / resume / deliver event / get data / display Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 12 / 21

  16. User Level Resume Resume client state without system call high usage of syscall resume repeated switching to host user level implementation ◮ high performance ◮ RET instruction Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 13 / 21

  17. Evaluation Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 14 / 21

  18. Evaluation System Call Roundtrip clock cycles per call time per call relation vCPU ( syscall null ) 37 , 702 ticks ≈ 35 . 671 µs 100 % native (getpid) 248 ticks ≈ 0 . 234 µs 1 % Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 15 / 21

  19. Evaluation cont. Context Switch configuration time per switch relation 1 user level resume ≈ 1 . 0 µs 100 % vCPU 2 syscall resume ≈ 16 . 5 µs 1 , 732 % 3 shared addr. ( clone ) ≈ 2 . 3 µs 237 % 300 % 4 native separate addr. (fork) ≈ 2 . 9 µs 5 separate addr. (clone) ≈ 2 . 9 µs 300 % Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 16 / 21

  20. Evaluation cont. Computation Overhead time relation vCPU 13,733 ms 100 . 0 % native 13,643 ms 99 . 3 % Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 17 / 21

  21. Evaluation cont. Event Latency 10000 Latency of events with parallel data event handling threads 8000 Latency in CPU clock cycles 6000 4000 2000 0 1 2 3 4 5 6 Number of parallel data event handling threads Figure: Latency of events: increasing number of data event handling threads Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 18 / 21

  22. Evaluation cont. Event Latency with parallel events 2.5e+06 Average event latency for HIGH priority handling (1) Average event latency for EQUAL priority handling (2) 2e+06 Average CPU cycles per 100 events 1.5e+06 1e+06 500000 0 0 1 2 3 4 5 Number of parallel data event handling threads Figure: Latency of data events: increasing number of data event handling threads Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 19 / 21

  23. FFmpeg Demo Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 20 / 21

  24. Q & A Thank you! Questions? Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 21 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components

jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components

Department of Computer Science Institute of Systems Architecture, Operating Systems Group jVPFS: Adding Robustness to a Secure Stacked File System with Untrusted Local Storage Components Carsten Weinhold, Hermann Hrtig INTRODUCTION

429 views • 21 slides
Session 1 Session 1 Tool Time Tuesday Tool Time Tuesday Bandwidth, Browser Plugins, WebEx &

Session 1 Session 1 Tool Time Tuesday Tool Time Tuesday Bandwidth, Browser Plugins, WebEx &

Session 1 Session 1 Tool Time Tuesday Tool Time Tuesday Bandwidth, Browser Plugins, WebEx & Skype Guides Bandwidth, Browser Plugins, WebEx & Skype Guides Hello! Hello! Laurissa Gann, MSLS, AHIP Lesli Moore, MLS Research Medical

250 views • 14 slides
ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted

ISOLATION DEFENSES GRAD SEC OCT 03 2017 ISOLATION Running untrusted code in a trusted environment Possibly with multiple tenants Setting OS: users / processes Browser: webpages / browser extensions Cloud: virtual machines (VMs)

272 views • 25 slides
InkTag: Secure Applications on an Untrusted Operating System Paper from The University of Texas

InkTag: Secure Applications on an Untrusted Operating System Paper from The University of Texas

InkTag: Secure Applications on an Untrusted Operating System Paper from The University of Texas at Austin by: Owen S. Hofmann, Kim Sangmann, Alan M. Dunn, Michael Z. Lee, and Emmett Witchel Presented by: Kyle May and Carson Boden Outline

680 views • 26 slides
Router Plugins (Formerly Crossbow) A Software Architecture for Next Generation Routers John

Router Plugins (Formerly Crossbow) A Software Architecture for Next Generation Routers John

Router Plugins (Formerly Crossbow) A Software Architecture for Next Generation Routers John DeHart jdd@arl.wustl.edu Washington January 9, 2001 Router Plugins (Crossbow) 1 WASHINGTON UNIVERSITY IN ST LOUIS Agenda 9:00 - 9:20

551 views • 13 slides
A Secure Softw are A Secure Softw are Architecture Architecture Description Language

A Secure Softw are A Secure Softw are Architecture Architecture Description Language

A Secure Softw are A Secure Softw are Architecture Architecture Description Language Description Language Jie Ren, Richard N. Taylor Department of Informatics University of California, Irvine Software Security Assurance Tools, Techniques,

354 views • 22 slides
Pipelight Windows browser plugins on Linux Michael Mller Sebastian Lackner Erich E. Hoover

Pipelight Windows browser plugins on Linux Michael Mller Sebastian Lackner Erich E. Hoover

Pipelight Windows browser plugins on Linux Michael Mller Sebastian Lackner Erich E. Hoover May 7, 2014 1 / 35 $ whoami Michael Mller (michael@fds-team.de) studying computer science at the university of Heidelberg, Germany Sebastian

1.25k views • 35 slides
Bareos Python Plugins Introduction Stephan Dhr Feb 3, 2017 Agenda Bareos architecture and

Bareos Python Plugins Introduction Stephan Dhr Feb 3, 2017 Agenda Bareos architecture and

Bareos Python Plugins Introduction Stephan Dhr Feb 3, 2017 Agenda Bareos architecture and terminology Introduction Plugin overview (FD, SD, DIR) Detailed View at FileDaemon Plugins FD Plugin Examples Discussion of Plugin

437 views • 43 slides
Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts

Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Original slides were created by Prof. John Mitchel and Suman Janna Some slides are from

1.03k views • 58 slides
Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser workshop, 24-25 May 2011, Mountain View Mark Watson, Mitch Zollinger, Wesley Miaw 1

327 views • 9 slides
InkTag: Secure Applications on an Untrusted Operating System Owen Hofmann, Sangman Kim, Alan

InkTag: Secure Applications on an Untrusted Operating System Owen Hofmann, Sangman Kim, Alan

InkTag: Secure Applications on an Untrusted Operating System Owen Hofmann, Sangman Kim, Alan Dunn, Mike Lee, Emmett Witchel UT Austin You trust your OS... should you? The OS is the software root of trust on most systems The OS is a

1.06k views • 79 slides
Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work

Proof-Carrying Data: secure computation on untrusted execution platforms Eran Tromer Joint work with Alessandro Chiesa Eli Ben-Sasson Daniel Genkin 1 Technion Cryptoday June 16, 2011 Motivation 3 Motivation INTEGRITY CONFIDENTIALITY

725 views • 50 slides
Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work

Plutus: scalable secure file sharing on untrusted storage Mahesh Kallahalla HP Labs Joint work with Erik Riedel (Seagate Research), Ram Swaminathan (HP Labs), Qian Wang (Penn State), Kevin Fu (MIT) March 31 2003 Why care about storage

399 views • 27 slides
Safe Loading A Foundation for Secure Execution of Untrusted Programs Mathias Payer, Tobias

Safe Loading A Foundation for Secure Execution of Untrusted Programs Mathias Payer, Tobias

Safe Loading A Foundation for Secure Execution of Untrusted Programs Mathias Payer, Tobias Hartmann, Thomas R. Gross Department of Computer Science ETH Zurich, Switzerland Motivation Application code Kernel 2 Motivation Application code

483 views • 30 slides
Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern

Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern

Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern Immutability The Inverse Life Coach Pa7ern Trust The founda>on of so?ware security 1. Hello! Im Businessman Bob! 2. Hello! Im the bank!

877 views • 69 slides
Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted Pattern Immutability The Inverse Life Coach Pattern Trust The foundation of software security 1. Hello! Im Businessman Bob! 2. Hello! Im the

666 views • 66 slides
Confluence of Layered Rewrite Systems Jean-Pierre Jouannaud Jiaxiang Liu and Mizuhito Ogawa 24th

Confluence of Layered Rewrite Systems Jean-Pierre Jouannaud Jiaxiang Liu and Mizuhito Ogawa 24th

Confluence of Layered Rewrite Systems Jean-Pierre Jouannaud Jiaxiang Liu and Mizuhito Ogawa 24th CSL, Berlin, September 6, 2015 Outline 1 Problem and Result 2 Layered rewrite systems 3 Sub-rewriting 4 Cyclic unification 5 Decreasing diagrams 6

437 views • 39 slides
Workflow for Piled Foundations in Hong Kong Tom Bush Ove Arup & Partners Hong Kong Ltd. 30

Workflow for Piled Foundations in Hong Kong Tom Bush Ove Arup & Partners Hong Kong Ltd. 30

An Automated Design Workflow for Piled Foundations in Hong Kong Tom Bush Ove Arup & Partners Hong Kong Ltd. 30 May 2019 Outline Digital Transformation of Design Planning for Automation Pile Design: Automated Reflections

586 views • 22 slides
MUFG Investors Day 2017 Main Q&A Retail Banking Business Q: Looking at European and American

MUFG Investors Day 2017 Main Q&A Retail Banking Business Q: Looking at European and American

MUFG Investors Day 2017 Main Q&A Retail Banking Business Q: Looking at European and American financial institutions with successful wealth management strategies, the key to success seems to be in developing experts (namely, private

506 views • 19 slides
OwnKit: Inferring Modularly Checkable Ownership Annotations for Java Constantine Dymnikov, David

OwnKit: Inferring Modularly Checkable Ownership Annotations for Java Constantine Dymnikov, David

OwnKit: Inferring Modularly Checkable Ownership Annotations for Java Constantine Dymnikov, David J. Pearce and Alex Potanin School of Engineering and Computer Science Victoria University of Wellington What is Ownership? Ownership is an approach

414 views • 15 slides
Framework Conditions and Potentials of ESCO Bioenergy Projects in Serbia for Public Buildings

Framework Conditions and Potentials of ESCO Bioenergy Projects in Serbia for Public Buildings

Framework Conditions and Potentials of ESCO Bioenergy Projects in Serbia for Public Buildings (Private-public Partnership Model of Financing) Aleksandar Durkovic Energy Consultant Augsburg Germany October 10, 2014 Content of the

390 views • 26 slides
Integrated test environment for a part of the LHCb calorimeter TWEPP 2009 Carlos Abellan Beteta

Integrated test environment for a part of the LHCb calorimeter TWEPP 2009 Carlos Abellan Beteta

Integrated test environment for a part of the LHCb calorimeter TWEPP 2009 Carlos Abellan Beteta La Salle, URL 22/9/2009 TWEPP09 Parallel session B2a - Production, testing and reliability Integrated test environment for a part of the LHCb

363 views • 18 slides
Appium Studio for Eclipse 1 Appium Studio for Eclipse A single tool for developing and executing

Appium Studio for Eclipse 1 Appium Studio for Eclipse A single tool for developing and executing

Appium Studio for Eclipse 1 Appium Studio for Eclipse A single tool for developing and executing Appium/Selenium/SeeTest mobile tests and automation frameworks on real physical devices Embedded mobile view within Eclipse: device reflection,

367 views • 13 slides
PKI in Action: Inter-bank Financial System The Bank of Thailand The Central Bank of Thailand

PKI in Action: Inter-bank Financial System The Bank of Thailand The Central Bank of Thailand

PKI in Action: Inter-bank Financial System The Bank of Thailand The Central Bank of Thailand Established in 1942 Operates Thailands Interbank High-value and High- volume Payment Systems 2 Ref:

571 views • 5 slides

More recommend