conscript
play

ConScript Specifying and Enforcing Fine-Grained Security Policies - PowerPoint PPT Presentation

Apr 14, 2023 •305 likes •727 views

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser Leo Meyerovich Benjamin Livshits UC Berkeley Microsoft Research Web Programmability Platform openid.net yelp.com adsense.com Google maps 2

  1. ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser Leo Meyerovich Benjamin Livshits UC Berkeley Microsoft Research

  2. Web Programmability Platform openid.net yelp.com adsense.com Google maps 2

  3. Rich Internet Applications are Dynamic Yelp.com: main.js … jQuery.js … adSense.js … GoogleMaps.js … OpenID_API.js flexible runtime composition … but little control. 3

  4. Towards Safe Programmability for the Web Can’t trust other Mash-ups people’s code 4

  5. Goals and Contributions control loading • protect benign users • by giving control to hosting site and use of scripts • ConScript approach: aspects for security • 17 hand-written policies express many • correct policies are hard to write policies safely • proposed type system to catch common attacks • implemented 2 policy generators • built into IE 8 JavaScript interpreter browser support • runtime and space overheads under 1% (vs. 30-550%) • smaller trusted computing base (TCB) 5

  6. approach protect benign users by giving control to the hosting site : aspects for security 6

  7. ConScript • Approach – protect benign Web users – give control to the hosting site • How – Browser-supported aspects for security 7

  8. Contributions of ConScript A case for aspects • protect benign users by giving control to hosting site • ConScript approach: aspects for security in browser • built into IE 8 JavaScript interpreter Correctness • Policies are easy to get wrong checking • Type system to ensure policy correctness • 17 hand-written policies Expressiveness • Comprehensive catalog of policies from literature and practice • implemented 2 policy generators • Tested on real apps: Google Maps, Live Desktop, etc. Evaluation • runtime and space overheads under 1% (vs. 30-550%) • smaller trusted computing base (TCB) 8

  9. manifest of script URLs enforce public HTTP-only vs. private cookies resource no pop-ups blacklists Policies no URL limit eval redirection no foreign <noscript> links no hidden script whitelist frames 9

  10. C ON S CRIPT aspects implementing aspects in IE8 checking C ON S CRIPT policies generating C ON S CRIPT policies performance 10

  11. eval is evil function () { window.eval = throw „Disallowed‟ }; heap stack document window x eval y heap bar function foo z object … eval div eval 11

  12. No postMessage : A Simple Policy? Wrapping: [[Caja, DoCoMo, AOJS, lightweightjs , Web Sandbox, …]] window.postMessage = function () {}; frame1.postMessage(“ msg ”, “evil.com”) Aspects: [[AspectJ]] void around (String msg, String uri) : call DOM.postMessage (String m, String u) { /* do nothing instead of call */ } … no classes in JavaScript / DOM … 12

  13. Specifying Calls using References postMessage [Object window] function () { function () { [native code] throw ‘ exn ’; [Object } } frame] postMessage around(window.postMessage, function () { throw „ exn ‟; }); 13

  14. ConScript Interface 1. Functions DOM: a r o u n d E x t ( p o s t M e s s a g e, f u n c t i o n ( p m 2 , m , u r i ) { … } ) ; JS: a r o u n d N a t ( e v a l , f u n c t i o n ( e v a l , s t r ) { … } ) ; User-defined: a r o u n d F n c ( f o o , f u n c t i o n ( f o o 2 , a r g 1 ) { … } ) ; 2. Script introduction <script>: aroundScr(function (src) { return src + „;‟ + pol;}); inline: aroundInl(function (src) { return src + „;‟ + pol;}); 14

  15. C ON S CRIPT aspects implementing aspects in IE8 checking C ON S CRIPT policies generating C ON S CRIPT policies performance 15

  16. Problem: Implementation? Source Rewriting [[aojs, docomo, caja, sandbox, fbjs]] function f () { … } function f () {<before> … <after>}  50%-450% more to transfer, 30-70% slowdown  limited: native (DOM) functions, dynamic code?  big assumptions: adds parser to TCB, … 16

  17. Mediating DOM Functions window.postMessage IE8 libraries (HTML, Networking, …) JavaScript interpreter postMessage advice dispatch 0xff34e5 0xff34e5 arguments: “hello”, “evil.com” call advice off 0xff34e5 aroundExt(window.postMessage, ); [not found] off frame2.postMessage 17

  18. Resuming Calls function foo () { } function foo () { } advice off advice on } else throw ‘ ’; } function advice1 (foo2) { function advice2 (foo2) { if (ok()) { if (ok()) { bless(); foo2(); foo2(); } else throw ‘ exn ’; } } else throw ‘ exn ’; } throw ‘ ’; }} bless() temporarily disables advice for next call 18

  19. Optimizing the Critical Path function foo () { } function foo () { } advice on advice off advice on function advice3 (foo2) { function advice2 (foo2) { if (ok()) foo2(); if (ok()) { else { bless(); curse(); foo2(); throw ‘ exn ’; } } } else throw ‘ exn ’; } • calling advice turns advice off for next call • curse() enables advice for next call 19

  20. C ON S CRIPT aspects implementing aspects in IE8 checking C ON S CRIPT policies generating C ON S CRIPT policies performance 20

  21. Basic Usage script whitelist Yelp.com : main.js, index.html no eval … jQuery.js SURGEON GENERAL’S WARNING no innerHTML … adSense.js no hidden frames Policies are written in a small JavaScript subset. … GoogleMaps.js no inline scripts Applications only lose a few dangerous features. … OpenID_API.js only HTTP cookies <script src =“ main.js ” policy=“ noEval ()”/> 21

  22. Policy Integrity Objects defined with policy constructors do not flow out Old Policy around(postMessage, function (m, url) { w = {“ msn.com ”: true}; … 22

  23. Policy Integrity Objects defined with policy constructors do not flow out Old Policy around(postMessage, function (m, url) { w = {“ msn.com ”: true}; … policy object: must protect unknown: do not pass privileged objects! 23

  24. Policy Integrity Objects defined with policy constructors do not flow out Old Policy around(postMessage, function (m, url) { w = {“ msn.com ”: true}; … User Exploit postMessage (“”, “ msn.com ”); w [“evil.com”] = 1; postMessage (“”, “ evil.com ”); 24

  25. Policy Integrity Objects defined with policy constructors do not flow out New Policy around(postMessage, function (m, url) { window.w = {“ msn.com ”: true}; var w … User Exploit postMessage (“”, “ msn.com ”); w[“evil.com”] = 1; postMessage (“”, “ evil.com ”); 25

  26. Policy Integrity Objects defined with policy constructors do not flow out New Policy around(postMessage, function (m, url) { window.w = {“ msn.com ”: true}; var w … policy object: must protect unknown: do not pass privileged objects! 26

  27. Maintaining Integrity 1. Policy objects do not leak out of policies 2. Access path integrity of calls (no prototype hijacking) • ML-style type inference –  basic –  program unmodified –  only manually tested on policies • JavaScript interpreter support – call(ctx, fnc , arg1, …), hasOwnProperty(obj , “ fld ”) – caller 27

  28. Transparency • If running with policies throws no errors – … for same input, running without should be safe – empty advice should not be functionally detectable • Difficult with wrapping or rewriting – Function.prototype.apply, exn.stacktrace, myFunction.callee, arguments.caller, myFunction.toString, Function.prototype.call – correctness vs. compatibility vs. performance … • Simpler at interpreter level – rest up to developer – no proof 28

  29. C ON S CRIPT aspects implementing aspects in IE8 checking C ON S CRIPT policies generating C ON S CRIPT policies performance 29

  30. Automatically Generating Policies • Intrusion detection – can we infer and disable unneeded DOM functions? • C# access modifiers – can we enforce access modifiers like private ? • ASP policies – can we guarantee no scripts get run in <% echo %>? 30

  31. Intrusion Detection 1: Learn Blacklist log eval new Function(“string”) postMessage XDomainRequest audit xmlHttpRequest … 31

  32. Intrusion Detection 2: Enforce Blacklist 32

  33. Enforcing C# Access Modifiers function File () { … } class File { File.construct = … public File () { … } Script# compiler File.open = … private open () { … } … … C# JavaScript around(File, pubEntryPoint); around(File.construct, pubEntryPoint); around(File.open, privCall); ConScript 33

  34. C ON S CRIPT aspects implementing aspects in IE8 checking C ON S CRIPT policies generating C ON S CRIPT policies performance 34

  35. Performance Microbenchmarks: 1.2x (vs. 3.4x) Initialization time: 0-1% Runtime: 0-7% (vs. 30+%) File size blowup: < 1% (vs. 50+%) 35

  36. Microbenchmark: Mediation Overhead wrap bless autobless 3.42x var raw = obj.f; obj.f = function () { raw();} 4 3.5 3 2.5 1.44x function advice2 (foo2) { 2 1.5 bless(); 1 foo2(); 0.5 } 0 function advice3 (foo2) { 1.24x foo2(); } 36

  37. File Size Increase (IDS) MSN GMail Google Maps 10.4 11.0 10.0 9.0 8.0 7.0 6.0 4.8 4.4 5.0 3.9 4.0 3.0 1.7 1.5 1.5 1.5 2.0 1.2 1.0 1.0 1.0 1.0 0.0 ConScript Docomo Caja Sandbox 37

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs

Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs

Conscript Your Friends into Larger Anonymity Sets with JavaScript Henry Corrigan-Gibbs Bryan Ford Stanford Yale ACM Workshop on Privacy in the Electronic Society 4 November 2013 New Anonymity Systems Have a

563 views • 27 slides
.kr DNS Redirection 28. Oct, 2009 Korea Internet &amp; Security Agency Contents 1. DNS

.kr DNS Redirection 28. Oct, 2009 Korea Internet &amp; Security Agency Contents 1. DNS

.kr DNS Redirection 28. Oct, 2009 Korea Internet &amp; Security Agency Contents 1. DNS Redirection 2. Use of .kr DNS direction 3. Web-Navigation System 4. Market share of web browser in Korea 5. .kr DNS Redirection status 6. Query status for

164 views • 12 slides
Results in the Use and Practise of Composting Toilets in Multi Story Houses in Bielefeld and

Results in the Use and Practise of Composting Toilets in Multi Story Houses in Bielefeld and

Results in the Use and Practise of Composting Toilets in Multi Story Houses in Bielefeld and Rostock, Germany Dipl.-Ing. Wolfgang Berger Berger Biotechnik GmbH, Hamburg Ecological settlement Hamburg-Allermhe (started in 1986) Berger

532 views • 19 slides
Case Management Project Judicial and Public Safety Strategic Planning and Technology Commission

Case Management Project Judicial and Public Safety Strategic Planning and Technology Commission

Case Management Project Judicial and Public Safety Strategic Planning and Technology Commission History and Background 2010 - URL Review, Analysis and Recommendations 2012 NCSC RFP Requirements Drafted 2013 - RFP for New Court

312 views • 12 slides
20 th April 2011 Presentation On GREATER KARACHI SEWERAGE PLAN (S-III) KW&amp;SB v Karachi

20 th April 2011 Presentation On GREATER KARACHI SEWERAGE PLAN (S-III) KW&amp;SB v Karachi

20 th April 2011 Presentation On GREATER KARACHI SEWERAGE PLAN (S-III) KW&amp;SB v Karachi with an estimated population of around 22 million is presently facing a severe environmental crisis due to discharge of untreated sewage through

371 views • 26 slides
I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November

I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November

I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November 20, 2007 Beta Test Report 15 beta-sites testing with credit union staff Community GR Family Onaway CorePlus Kenowa

746 views • 20 slides
Adobe Forms Katrina Boyd, MPH, CAP-OM May 15, 2014 IAAP Table of Contents What is Adobe

Adobe Forms Katrina Boyd, MPH, CAP-OM May 15, 2014 IAAP Table of Contents What is Adobe

Adobe Forms Katrina Boyd, MPH, CAP-OM May 15, 2014 IAAP Table of Contents What is Adobe Forms? Pricing Tiers Nuts and Bolts Pros/Cons Adobe Forms vs. Google Forms FAQs Your Questions What is Adobe Forms? What is

857 views • 39 slides
WT02 - Software Citation: Principles, Usage, Benefits, and Challenges Daniel S. Katz and Martin

WT02 - Software Citation: Principles, Usage, Benefits, and Challenges Daniel S. Katz and Martin

WT02 - Software Citation: Principles, Usage, Benefits, and Challenges Daniel S. Katz and Martin Fenner Goals: After the course, attendees should be able to: Understand the software citation principles Lots of explanation and

335 views • 14 slides
Toward open smart IoT Systems Khalil Drira, LAASCNRS, Toulouse, France Workshop Blockchain

Toward open smart IoT Systems Khalil Drira, LAASCNRS, Toulouse, France Workshop Blockchain

Toward open smart IoT Systems Khalil Drira, LAASCNRS, Toulouse, France Workshop Blockchain and IoT opportunities for the SMEs, Turino, April 18, 2018 The evolution of IoT Shipped items Plants action are tracked on a tap to water the

981 views • 39 slides
The institutional context for Internet governance David Souter ict Development Associates

The institutional context for Internet governance David Souter ict Development Associates

The institutional context for Internet governance David Souter ict Development Associates david.souter@runbox.com ICT governance: once upon a time The evolution of the internet Geeks and Industrial Global Global mass countries market

440 views • 19 slides
We help tech companies start, grow and succeed. The transformation &gt;$22B 2013 total revenues

We help tech companies start, grow and succeed. The transformation &gt;$22B 2013 total revenues

We help tech companies start, grow and succeed. The transformation &gt;$22B 2013 total revenues $100M in total revenues &gt;1,000 tech firms 641 active startups 50 tech firms new tech jobs 30,000 (since `97) 1,800 employed tech jobs

714 views • 24 slides
Sentiment Analysis for Twitter using Hyrid Naive Bayes Harsh Thakkar 1 Dr. Dhiren Patel 2 1

Sentiment Analysis for Twitter using Hyrid Naive Bayes Harsh Thakkar 1 Dr. Dhiren Patel 2 1

Introduction Background Proposed approach Experimental setup Results Conclusion Sentiment Analysis for Twitter using Hyrid Naive Bayes Harsh Thakkar 1 Dr. Dhiren Patel 2 1 M.Tech. II Student 2 Professor &amp; Guide Computer Engineering

724 views • 41 slides
Wavelet &amp; SiZer Analyses of Internet Traffic Data Cheolwoo Park (Joint work with various

Wavelet &amp; SiZer Analyses of Internet Traffic Data Cheolwoo Park (Joint work with various

Statistical and Applied Mathematical Statistical and Applied Mathematical Sciences Institute Sciences Institute Wavelet &amp; SiZer Analyses of Internet Traffic Data Cheolwoo Park (Joint work with various researchers) SAMSI May 27, 2004 1

473 views • 34 slides
Session 5: Access to data and its dissemination, data presentation, including capacity building

Session 5: Access to data and its dissemination, data presentation, including capacity building

Session 5: Access to data and its dissemination, data presentation, including capacity building for data usage and public awareness Mara SILINA/European ECO Forum Get your right to a healthy community Second subregional workshop on the

589 views • 26 slides
Market Operator User Group Dublin, 16 January 2020 1 Agenda Item Presenter Welcome Anne

Market Operator User Group Dublin, 16 January 2020 1 Agenda Item Presenter Welcome Anne

Market Operator User Group Dublin, 16 January 2020 1 Agenda Item Presenter Welcome Anne Fitzgerald Release Program Update Mark Needham Balancing Market Performance Improvements Rory Cafferky Market Development Roadmap Mark Needham

921 views • 59 slides
Market Operator User Group Belfast, 27 th February 2020 1 Agenda Item Presenter Welcome Anne

Market Operator User Group Belfast, 27 th February 2020 1 Agenda Item Presenter Welcome Anne

Market Operator User Group Belfast, 27 th February 2020 1 Agenda Item Presenter Welcome Anne Fitzgerald Release Program Update Mark Needham Market Development Roadmap Mark Needham Ex-Ante Markets Liam McAllister Brexit Update Michael

742 views • 28 slides
2018 CEMS USERS GROUP MEETING: MAINTENANCE OF THE CEMS WALT BASTRON - PRESIDENT THEO CHAPMAN -

2018 CEMS USERS GROUP MEETING: MAINTENANCE OF THE CEMS WALT BASTRON - PRESIDENT THEO CHAPMAN -

2018 CEMS USERS GROUP MEETING: MAINTENANCE OF THE CEMS WALT BASTRON - PRESIDENT THEO CHAPMAN - PROPOSAL ENGINEER WHATS INCLUDED DESCRIPTION OF WORK PLANT SITE, CONTACT PERSON NUMBER OF VISITS MAINTENANCE ACTIVITIES PER

55 views • 4 slides
OUR ZUORA COMMUNITY Marlene Lee Summers VP, Global Support Agenda What is the Zuora Community?

OUR ZUORA COMMUNITY Marlene Lee Summers VP, Global Support Agenda What is the Zuora Community?

OUR ZUORA COMMUNITY Marlene Lee Summers VP, Global Support Agenda What is the Zuora Community? Benefits of the Community Integrations Specialized Programs An Introduction to Zuora Walk-Through Demonstration Next Steps WHAT IS THE ZUORA

606 views • 19 slides
Student Information System (SIS): Evaluations, Conclusions, and Recommendation February 13, 2020

Student Information System (SIS): Evaluations, Conclusions, and Recommendation February 13, 2020

Student Information System (SIS): Evaluations, Conclusions, and Recommendation February 13, 2020 Matthew Binder Director of Educational Technology Timeline Sept 24: Illuminate announces end of ISI - starting Fall, 2021 Sept 25:

433 views • 16 slides
72 Street Community Complex Virtual Public Presentation www.GOMBInfo.com Page 1 | May 19, 2020

72 Street Community Complex Virtual Public Presentation www.GOMBInfo.com Page 1 | May 19, 2020

72 STREET COMMUNITY COMPLEX 72 Street Community Complex Virtual Public Presentation www.GOMBInfo.com Page 1 | May 19, 2020 72 STREET COMMUNITY COMPLEX TODAY'S PRESENTER PANEL Kevin Pulido Neighborhood Affairs Division Manager

549 views • 22 slides
ISD #111 WATERTOWN MAYER PUBLIC SCHOOLS BOND IMPROVEMENTS Schematic Design Approval April

ISD #111 WATERTOWN MAYER PUBLIC SCHOOLS BOND IMPROVEMENTS Schematic Design Approval April

ISD #111 WATERTOWN MAYER PUBLIC SCHOOLS BOND IMPROVEMENTS Schematic Design Approval April 27, 2020 Agenda: Communication &amp; Decision-Making Structure Design Process Elementary Improvements Middle School Improvements High School

428 views • 40 slides
Outline Outline Consumer Expenditure Survey p y Why redesign the CE? Why redesign the CE?

Outline Outline Consumer Expenditure Survey p y Why redesign the CE? Why redesign the CE?

Outline Outline Consumer Expenditure Survey p y Why redesign the CE? Why redesign the CE? Data Users Need Forum The CE Redesign Process h d Michael W. Horrigan Associate Commissioner Associate Commissione The philosophy of

82 views • 4 slides
HL7 Immunization User Group MONTHLY MEETING MAY 11, 2017 2:00 PM ET Agenda Welcome

HL7 Immunization User Group MONTHLY MEETING MAY 11, 2017 2:00 PM ET Agenda Welcome

HL7 Immunization User Group MONTHLY MEETING MAY 11, 2017 2:00 PM ET Agenda Welcome Updates SISC Update HL7 Workgroup Meeting Update Call for EHR Contacts Discussion 2017 AIRA Assessment for IIS SISC Update

743 views • 43 slides
User Group October 18, 2012 1 User Thursday, October 18, 2012 Encounter Data Group 3:00 P.M.

User Group October 18, 2012 1 User Thursday, October 18, 2012 Encounter Data Group 3:00 P.M.

Encounter Data System User Group October 18, 2012 1 User Thursday, October 18, 2012 Encounter Data Group 3:00 P.M. 4:00 P.M. ET Encounter Data Agenda Agenda Introduction Session Guidelines CMS Updates Group EDS

675 views • 31 slides

More recommend