crossing the chasm
play

Crossing the Chasm Pitching Security Research to Mainstream Browser - PowerPoint PPT Presentation

Feb 04, 2024 •354 likes •825 views

Crossing the Chasm Pitching Security Research to Mainstream Browser Vendors Collin Jackson Carnegie Mellon University Why a security feature is like a startup <10 users ~1 million users >1 billion users Ideas trying to cross the chasm

  1. Crossing the Chasm Pitching Security Research to Mainstream Browser Vendors Collin Jackson Carnegie Mellon University

  2. Why a security feature is like a startup <10 users ~1 million users >1 billion users

  3. Ideas trying to cross the chasm For every idea here there are 100 that never got any adoption

  4. Good ideas get adopted very quickly X-Frame-Options History Privacy Two years after One year after

  5. Not all ideas are so lucky... ● Browser-based identity management ○ Password generators ○ Client certs ○ PAKE ● Fine-grained sandbox architectures ○ Plugin isolation ○ Origin isolation ● Automatic clickjacking protection ○ Wait, what?

  6. NoScript has 90m downloads! ● Less than <0.1% of active internet users ● Dumping ground for chasm-challenged features ● Fundamentally different outlook than mainstream browsers ○ Extensive user interaction ○ Highly complex behavior ○ Breaks sites... by design! flattr.com/profile/ma1

  7. Are browser vendors too conservative? ● Features are not free! ○ Simplicity as a selling point ○ Rely on addons for niche functionality ● Breakage is very expensive ○ Web sites slow to adapt ○ Switching costs are low

  8. What program committees care about ● Novel ○ Not substantially similar to previous work ○ Opens new avenues of research ○ Unconstrained by conventional thinking ● Non-trivial ○ Makes clever use of advanced tools and techniques ○ Substantial work involved in system implementation These will get you a conference paper... ... but they actively harm a proposal's mainstream appeal

  9. What browser vendors care about ● Must-have ○ Replaces broken, band-aid approaches that are nevertheless already being widely used ○ No browser wants to be the only one without it ● Easy ○ Deployable unilaterally , with little effort ○ Everyone can implement in the same way ○ Can determine if implementation is correct ● Low-risk ○ Doesn't break anything important, even in the long tail ○ Any change that's not opt-in is risky

  10. Make your proposal a must-have ● Can always find someone who likes your idea... ○ Early adoption not a sure-fire sign of mainstream need ● Addons are a final resting place for many niche features ○ A vendor needs to be embarrassed not to have it ○ Browser vendors are like dominos ● Marketing ○ Compelling demos ○ Mainstream press ○ Large web sites who will champion it

  11. Must-have #1: Same-origin policy ● Origin = protocol://host:port ● Full access to same origin ○ Full network access ○ Read/write DOM ○ Storage ● Limited interaction with other origins ○ Import of library resources (e.g. scripts) ○ Forms, hyperlinks ● Introduced by Netscape in 1996 in response to media reports of cross-origin scripting attacks

  12. How postMessage became must-have ● Allows client-side messaging between origins ● Increasingly popular web sites like Facebook build mechanisms around hacks (fragment identifier messaging) ● Microsoft decided it was safe, implemented in IE8 ● Firefox wanted HTML5 feature parity with IE ● Safari wanted HTML5 feature parity with Firefox/IE ● By the time we dropped this bomb, it was too late to stop it

  13. How history privacy became must-have ● Compelling demos ● Real-world attacks ● Lawmakers and media interested Perfect ingredients for competition among browser vendors ● Only partial solution but easy and low-risk

  14. Make your proposal easy Strongly preferable: ● Deployable unilaterally: doesn't require cooperation among multiple vendors ● Web sites don't have to adopt right away ● Everyone can implement it exactly the same Non-examples ● Taint tracking ● toStaticHTML ● DNSSEC

  15. X-Frame-Options versus ClearClick

  16. Strict Transport Security Original ForceHTTPS involved ● Cookies ● User-configurable options ● Mixed content protection Stripped down proposal to make it easer to implement

  17. Make your proposal low-risk ● Does it break functionality? ● Does it slow things down? Credit: Lauren Marin ● Does it interfere with getting stuff done? ● Are you making more people sad than happy?

  18. De-risking a security proposal Choose one: 1. Make the security opt-in ○ Huge evangelism cost ○ Yet another thing to forget to do 1. Create brand new functionality ○ Sidesteps legacy considerations ○ Adoption barrier? 2. Very thorough performance & compatibility evaluation ○ Often ~5x harder than the actual implementation ○ Some features just weren't meant to be!

  19. Opt-in security X-Secure-Me-Harder: yes! ● Extremely popular approach! X-Frame-Options, X-Content- Type-Options, Strict-Transport-Security, etc. ● Header bloat problem How many opt-in features had an impact on the world? ● Trickling down from the PayPals and Twitters ● Long tail takes many years Alternative policy delivery mechanisms ● Host-meta ● New HTML tags/attributes ● Content Security Policy

  20. New platforms

  21. Web Sockets

  22. On-by-default security? Yikes. ● Things fail mysteriously, and more often than you'd think ● Failures are (usually) not attacks ● For every bug filed, how many users just give up or switch browsers?

  23. How securing Gmail ruined my Korean class ● Get a website to host your SWF http://victim.com/attack.swf ● User logs in to victim.com ● Get user to visit http://attack.com/ ● Embed the SWF and hijack the session <embed src="http://victim.com/attack.swf"/>

  24. Another on-by-default fail: OCSP ● Validating certificate takes >1sec for 10% of HTTPS requests ● Adds to initial page load time dramatically when dependent scripts, images, etc. are on other hostnames ● Must-have, yet high-risk. Browsers don't enforce ● Defeating OCSP with the number 3

  25. Compatibility Evaluation Failures "I checked the Alexa top 100" "I changed the plugin security policy and I played a YouTube video" "I went to 10 websites and only 2 of them broke"

  26. Better ideas ● Deep crawl ○ Get beyond login pages ○ Execute JavaScript (Kudzu) ● Client-side measurement ○ Google Chrome User Metrics ○ Firefox Test Pilot ● Ad networks ○ Flash Player ads ○ Iframe ads

  27. What a real evaluation looks like Content Sniffing Algorithm ● Searched the entire Google crawl index for common mime type mismatches; eliminated unused sniffing rules ● QA team visited the top 500 sites and tested extensively while logged in ● Google Chrome user metrics study found less than 0.004% compatibility impact

  28. If you don't have the Google index... Alexa top 100,000

  29. If you don't have your own browser...

  30. Sometimes the answer is "no" ● Only showed links as visited if you visited from the current site ● Perfect protection from attack, but at what cost?

  31. Compatibility numbers aren't good? An unlikely savior...

  33. Frame navigation

  34. Mixed content

  35. Origin contamination

  36. Taking one for the team

  37. Dangers of chasm thinking

  38. Should researchers bother with nice-to-have, difficult, risky ideas?

  39. Yes! but...

  40. Let your idea be hacked apart ● Don't expect the final solution to resemble the original form ○ Rebranded ○ User interface changed/removed ○ Unnecessary complexity dropped ● The best ideas are easily tweaked and repurposed ● Sometimes just a problem statement is a contribution ● Celebrate indirect impact!

  41. Perspectives ● Firefox addon topped out at ~10,000 users ● Crossed the chasm in another form: ~100,000,000 Chrome users benefiting from HTTPS monitoring

  42. MashupOS ● Never went anywhere in original form ● Key ideas survived ○ postMessage(message, targetOrigin ) ○ text/html-sandboxed MIME type ● Gazelle may find a similar fate

  43. What you can do right now to help ● Analyze existing new proposals in standardization ● Catch problems before legacy concerns creep in ● WebRTC - direct network communication between web clients ● Component Model - lets you construct your DOM out of mutually distrusting components with security boundaries between them ● ECMAScript 6 - have untrusted JavaScript run in your page ● Content Security Policy - protect the developer from themselves ● Web Intents - allow one web application to invoke another The time to get involved is now!

  44. Show up! ● Meet the decision-makers ○ Many are in this room! ○ Many Mozilla meetings are open ● Join mailing lists ○ WHATWG ○ W3C public-web-security ○ IETF WebRTC ○ IETF Web Security Working Group ● Write code! ○ Firefox, Google Chrome, and most of Safari are open source ○ Nothing says "implement me now" like a patch ready for approval

  45. collin.jackson@sv.cmu.edu http://websec.sv.cmu.edu/

  46. Controversial things I just said ● NoScript is a niche browser... not the browser of the future ● Program committees actively harm good ideas ● OCSP is risky ● Taint tracking is hard ● SafeHistory is undeployable ● Breaking web sockets for 6 months was not a mistake ● You should crash Mozilla team meetings

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Moving from Innovation to Mainstream Part 1 Eric Siow Crossing the Chasm Part 2

Moving from Innovation to Mainstream Part 1 Eric Siow Crossing the Chasm Part 2

Next Steps for The Web of Things: Moving from Innovation to Mainstream Part 1 Eric Siow Crossing the Chasm Part 2 Michael McCool Standards Development Prioritization PART 1 Crossing the Chasm 2 Outline Part 1 State of the

473 views • 19 slides
Crossing the chasm with {&quot;no&quot;:&quot;SQL&quot;} Akmal B. Chaudhri ( )

Crossing the chasm with {&quot;no&quot;:&quot;SQL&quot;} Akmal B. Chaudhri ( )

Crossing the chasm with {&quot;no&quot;:&quot;SQL&quot;} Akmal B. Chaudhri ( ) Introduction My background ~25 years experience in IT Client-facing roles Developer (Reuters) Developers Academic (City

1.41k views • 106 slides
Crossing the chasm with {&quot;no&quot;:&quot;SQL&quot;} Akmal B. Chaudhri ( )

Crossing the chasm with {&quot;no&quot;:&quot;SQL&quot;} Akmal B. Chaudhri ( )

Crossing the chasm with {&quot;no&quot;:&quot;SQL&quot;} Akmal B. Chaudhri ( ) Abstract This presentation will discuss the reasons for the rise and development of NoSQL technology, and compare and contrast the alternative

1.62k views • 137 slides
Crossing the SDN/NFV Deployment Chasm Initiation -&gt; Ideation -&gt; Implementation? NFV white

Crossing the SDN/NFV Deployment Chasm Initiation -&gt; Ideation -&gt; Implementation? NFV white

Getting past Ideation; Crossing the SDN/NFV Deployment Chasm Initiation -&gt; Ideation -&gt; Implementation? NFV white paper published in October 2012 implementations globally, at scale remains a successfully initiated the SDN/NFV industry and

277 views • 3 slides
Crossing the chasm(s): A single approach to quality in Wales Public Board meeting 29 th November

Crossing the chasm(s): A single approach to quality in Wales Public Board meeting 29 th November

Crossing the chasm(s): A single approach to quality in Wales Public Board meeting 29 th November 2018 A Healthier Wales Focus on the quality cycle in six key areas: o Safer medicines management o Frail elderly care o Equitable health and

384 views • 24 slides
Kubernetes Crossing the Chasm 05.03.2018 Ian Crosby @IanDCrosby info@container-solutions.com

Kubernetes Crossing the Chasm 05.03.2018 Ian Crosby @IanDCrosby info@container-solutions.com

Kubernetes Crossing the Chasm 05.03.2018 Ian Crosby @IanDCrosby info@container-solutions.com container-solutions.com container-solutions.com info@container-solutions.com Kubernetes: Crossing the Chasm @IanDCrosby container-solutions.com

424 views • 40 slides
From the patients experience Going from patient room to radiology in a gurney

From the patients experience Going from patient room to radiology in a gurney

I.C.U. Can you See Me? I never knew when a doctor was going to come in and do something to me. Crossing the Chasm from the Patients Perspective Patient Della M. Lin, M.D. She seemed very frustrated that she When I asked

458 views • 7 slides
CHASM Taylor Jaraczewski Background Yet again.. Drivers vs. passengers Only a very

CHASM Taylor Jaraczewski Background Yet again.. Drivers vs. passengers Only a very

CHASM Taylor Jaraczewski Background Yet again.. Drivers vs. passengers Only a very small fraction of tumors drives proliferation (hill vs. mountains) Need ways to determine drivers NOT based on frequency CHASM focuses on

302 views • 9 slides
From our view From the patients experience Going from patient Patient focus groups

From our view From the patients experience Going from patient Patient focus groups

I.C.U. Can you See Me? I never knew when a doctor was going to come in and do something to me. Crossing the Chasm from the Patients Perspective Patient Della M. Lin, M.D. She seemed very frustrated that she When I asked

277 views • 7 slides
Crossing boundaries Crossing Boundaries 12.08.2008 Eva Brucherseifer Seite 1 Crossing

Crossing boundaries Crossing Boundaries 12.08.2008 Eva Brucherseifer Seite 1 Crossing

Crossing boundaries Crossing Boundaries 12.08.2008 Eva Brucherseifer Seite 1 Crossing Bounderies Making KDE Technology Available to Embedded Devices Eva Brucherseifer l Just another Platform? basysKom GmbH l Strategies for cross device

864 views • 19 slides
The Gap between Crossing Numbers and Outerplanar Crossing Numbers EPSRC GR/R37395/01:

The Gap between Crossing Numbers and Outerplanar Crossing Numbers EPSRC GR/R37395/01:

The Gap between Crossing Numbers and Outerplanar Crossing Numbers EPSRC GR/R37395/01: Parallel and Sequential Algorithms for Low Crossing Graph Drawing (2001-2004) EPSRC - GR/S76694/01: Outerplanar Crossing Numbers (2003-2006) Farhad

238 views • 19 slides
VERDI CROSSING LOCATION AT-GRADE CROSSING UNDERCROSSING ALT # 1 UNDERCROSSING ALT# 2 RAIL

VERDI CROSSING LOCATION AT-GRADE CROSSING UNDERCROSSING ALT # 1 UNDERCROSSING ALT# 2 RAIL

VERDI CROSSING LOCATION AT-GRADE CROSSING UNDERCROSSING ALT # 1 UNDERCROSSING ALT# 2 RAIL CROSSING LOCATION CRITERIA Facilities of Feeder Streets Proximity to Existing Impact to Coastal Rail Trail Crossings Environmental Impacts

225 views • 7 slides
Level Crossing Removal Project Kevin Devlin CEO, Level Crossing Removal Authority Level Crossing

Level Crossing Removal Project Kevin Devlin CEO, Level Crossing Removal Authority Level Crossing

Level Crossing Removal Project Kevin Devlin CEO, Level Crossing Removal Authority Level Crossing Removal Project Status Update 1 level crossing completed Over $2.8 billion in contracts awarded 18 in construction The

219 views • 8 slides
The Promiscuous PM VS . 35% Confidence != Competence Jens Rolodex....Strategy Jobs To Be

The Promiscuous PM VS . 35% Confidence != Competence Jens Rolodex....Strategy Jobs To Be

The Promiscuous PM VS . 35% Confidence != Competence Jens Rolodex....Strategy Jobs To Be Done Network Effects Competitive Moats Market Segmentation Crossing the Chasm The Scientific Method Aggregation Theory Bayesian Probability Game

1.29k views • 94 slides
Insertion layout Reminder: - Option with beam crossing need lower at crossing point (parallel

Insertion layout Reminder: - Option with beam crossing need lower at crossing point (parallel

Insertion layout Reminder: - Option with beam crossing need lower at crossing point (parallel separation and crossing angle) - Option without beam crossing can have simpler lattice (but keep DS) Insertion layout beta 250 &quot;old2&quot;

315 views • 5 slides
Section 130 Railroad Crossing Safety Program Overview of the Section 130 Program Railroad

Section 130 Railroad Crossing Safety Program Overview of the Section 130 Program Railroad

Section 130 Railroad Crossing Safety Program Overview of the Section 130 Program Railroad Crossing Inventory Mission: Enhance the safety of railroad crossings. THE SAFEST CROSSING IS A CLOSED CROSSING!!! Limited funds: upgrades

839 views • 48 slides
JACKSON PARK GREENHOUSE COMPLEX Glos Associates Inc. 325 Devonshire Road, Suite 410 2449

JACKSON PARK GREENHOUSE COMPLEX Glos Associates Inc. 325 Devonshire Road, Suite 410 2449

JACKSON PARK GREENHOUSE COMPLEX Glos Associates Inc. 325 Devonshire Road, Suite 410 2449 MCDOUGALL STREET Windsor, ON N8Y 2L3 10/09/2020 REFUSE BINS W/ LOCKABLE SWING ENCLOSURE GATE ON ROLLERS DETENTION YARD WASTE C/W EXISTING BASIN

358 views • 8 slides
kotlinx.serialization 1.0 Leonid Startsev @sandwwraith October 13, 2020 Kotlin multiplatform /

kotlinx.serialization 1.0 Leonid Startsev @sandwwraith October 13, 2020 Kotlin multiplatform /

Kotlin 1.4 Online Event kotlinx.serialization 1.0 Leonid Startsev @sandwwraith October 13, 2020 Kotlin multiplatform / multi-format reflectionless serialization Kotlin multiplatform / multi-format reflectionless serialization Things well

1.02k views • 71 slides
Classroom Experience and Expectations Welcome to Michigan Tech! This session will be led by Mike

Classroom Experience and Expectations Welcome to Michigan Tech! This session will be led by Mike

Classroom Experience and Expectations Welcome to Michigan Tech! This session will be led by Mike Meyer. Mike is a Senior Lecturer in Physics and directs the Jackson Center for Teaching and Learning. Thanks for attending this session! Jackson

425 views • 7 slides
Plangrid: best practices for mechanical contractors Construction Jackson Technology ASTI

Plangrid: best practices for mechanical contractors Construction Jackson Technology ASTI

Plangrid: best practices for mechanical contractors Construction Jackson Technology ASTI Implementation Sensat Specialist About Me Texas A&amp;M University BS in Construction Science Experience as a GC and Subcontractor

614 views • 16 slides
Enterprise-wide Optimization: Strategies for Integration, Uncertainty, and Decomposition Ignacio

Enterprise-wide Optimization: Strategies for Integration, Uncertainty, and Decomposition Ignacio

Enterprise-wide Optimization: Strategies for Integration, Uncertainty, and Decomposition Ignacio E. Grossmann Center for Advanced Process Decision-making Department of Chemical Engineering Carnegie Mellon University Pittsburgh, PA 15213,

1.27k views • 109 slides
Public Information Meeting WIS 60 CORRIDOR STUDY Washington and Ozaukee Counties Welcome

Public Information Meeting WIS 60 CORRIDOR STUDY Washington and Ozaukee Counties Welcome

Public Information Meeting WIS 60 CORRIDOR STUDY Washington and Ozaukee Counties Welcome PLEASE SIGN IN Y our participation is important Meeting purpose Introduce the study team Identify goals for this study Describe

515 views • 22 slides
Agenda Cash Flow, Projections &amp; Forecasting Managing Revenue &amp; Expenses

Agenda Cash Flow, Projections &amp; Forecasting Managing Revenue &amp; Expenses

COVID-19 Response Financial Planning &amp; Operational T ools April 2020 Agenda Cash Flow, Projections &amp; Forecasting Managing Revenue &amp; Expenses Business Continuity &amp; Contingency Planning

527 views • 8 slides
Hamiltonian Cycles in Triangulations Gunnar Brinkmann, Craig Larson, Jasper Souffriau, Nico Van

Hamiltonian Cycles in Triangulations Gunnar Brinkmann, Craig Larson, Jasper Souffriau, Nico Van

Hamiltonian Cycles in Triangulations Gunnar Brinkmann, Craig Larson, Jasper Souffriau, Nico Van Cleemput Combinatorial Algorithms and Algorithmic Graph Theory Department of Applied Mathematics and Computer Science Ghent University G.

668 views • 44 slides

More recommend