from e to ecmascript and back again
play

From E to EcmaScript and back again Mark S. Miller and the - PowerPoint PPT Presentation

Sep 10, 2022 •763 likes •1.49k views

From E to EcmaScript and back again Mark S. Miller and the Cajadores Overview Object-Capabilities Security as extreme modularity Securing JavaScript Why and How? E Caja ES5 SES Dr. SES Patterns of Safe Cooperation In

  1. From E to EcmaScript and back again Mark S. Miller and the Cajadores

  2. Overview Object-Capabilities Security as extreme modularity Securing JavaScript – Why and How? E  Caja  ES5  SES  Dr. SES Patterns of Safe Cooperation In Secure EcmaScript (SES) Distributed Cryptographic Capabilities In Distributed Resilient Secure EcmaScript (Dr. SES)

  3. Security as Extreme Modularity Modularity: Avoid needless dependencies Security: Avoid needless vulnerabilities Vulnerability is a form of dependency Mod: Principle of info hiding - need to know. Sec: Principle of least authority - need to do.

  4. How do I designate thee? by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions How might object Bob come to know of object Carol?

  5. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  6. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  7. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  8. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  9. How do I designate thee? Alice says : bob.foo(carol) by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  10. How do I designate thee? Bob says : var carol = { ... }; by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  11. How do I designate thee? Alice says : var bob = { ... carol ... }; by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  12. How do I designate thee? At t 0 : by Introduction ref to Carol ref to Bob decides to share by Parenthood by Endowment by Initial Conditions

  13. OCaps: Small step from pure objects Memory safety and encapsulation + Effects only by using held references + No powerful references by default

  14. OCaps: Small step from pure objects Memory safety and encapsulation + Effects only by using held references + No powerful references by default Reference graph ≡ Access graph Only connectivity begets connectivity Natural Least Authority OO expressiveness for security patterns

  15. The Mashup problem: Code as Media <html> <head> <title>Basic Mashup</title> <script> function animate ( id ) { var element = document.getElementById(id); var textNode = element.childNodes[0]; var text = textNode.data; var reverse = false; element.onclick = function() { reverse = !reverse; }; setInterval(function() { textNode.data = text = reverse ? text.substring(1) + text[0] : text[text.length-1] + text.substring(0, text.length-1); }, 100); } </script> </head> <body onload="animate('target')"> <pre id="target">Hello Programmable World! </pre> </body> </html>

  19. Improving JavaScript in Stages EcmaScript 3: One of the hardest oo languages to secure. Caja: Complex server-side translator. Runtime overhead. EcmaScript 5: One of the easiest oo languages to secure. <script src=“initSES.js”></script> Simple client-side init and verifier. No runtime overhead. Approx 3K download compressed.

  20. Objects as Closures makeCounter function makeCounter () { var count = 0; incr incr return { incr incr incr incr incr: function() { return ++count; }, count decr: function() { return –count; } count count }; decr decr decr decr } decr decr

  21. Objects as Closures makeCounter function makeCounter () { var count = 0; incr incr return { incr incr incr incr incr: function() { return ++count; }, count decr: function() { return –count; } count count }; decr decr decr decr } decr decr A record of closures hiding state is a fine representation of an object of methods hiding instance vars

  22. Objects as Closures in ES5/strict “use strict”; makeCounter function makeCounter () { var count = 0; incr incr return def( { incr incr incr incr incr: function() { return ++count; }, count decr: function() { return –count; } count count }); decr decr decr decr } decr decr A tamper-proof record of lexical closures encapsulating state is a defensive object

  23. Turning ES5 into SES <script src=“initSES.js”></script> Monkey patch away bad non-std behaviors Remove non-whitelisted primordials Install leaky WeakMap emulation Make virtual global root Freeze whitelisted global variables • Replace eval & Function with safe alternatives • Freeze accessible primordials

  24. Running ES5 & SES on old browsers

  25. Future objects on old browsers

  26. Revocable Function Forwarder function makeFnCaretaker ( target ) { makeCaretaker return def({ wrapper: function(…args) { revoke revoke revoke revoke wrapper wrapper wrapper wrapper revoke revoke revoke revoke wrapper wrapper wrapper wrapper revoke revoke revoke revoke wrapper wrapper wrapper wrapper return target(…args); }, target target target target target target revoke: function() { target = null; } }); }

  27. Unconditional Access Alice says: Alice Bob foo bob.foo(carol); Grants Bob full access to Carol forever Carol

  28. Revocability ≡ Temporal attenuation Alice says: Alice Bob foo var ct = makeCaretaker(carol); bob.foo(ct.wrapper); revoke revoke wrapper wrapper target Carol

  29. Revocability ≡ Temporal attenuation Alice says: Alice Bob var ct = makeCaretaker(carol); bob.foo(ct.wrapper); //… revoke revoke wrapper wrapper target Carol

  30. Revocability ≡ Temporal attenuation Alice says: Alice Bob var ct = makeCaretaker(carol); bob.foo(ct.wrapper); //… revoke revoke wrapper wrapper ct.revoke(); target Carol

  31. Revocability ≡ Temporal attenuation Alice says: Alice Bob var ct = makeCaretaker(carol); bob.foo(ct.wrapper); //… revoke revoke wrapper wrapper ct.revoke(); target Carol

  32. Attenuators ≡ Access Abstractions Alice says: Alice Bob foo var ct = makeCaretaker(carol); bob.foo(ct.wrapper); Express security policy by the behavior of the objects you provide Carol

  33. Abstractions extend vocabulary Primitives Abstraction Forms Extended Vocabulary procedural abstraction +, ., [] foo(bar, baz), … data abstraction int, struct, array Point, Window, … control abstraction if, while, switch addListener, … points-to access abstraction caretaker, membrane, …

  34. Membranes: Transitive Interposition Alice Bob function makeFnMembrane ( target ) { var enabled = true; function wrap ( wrapped ) { if (wrapped !== Object(wrapped)) { return wrapped; Dave } return function(… args ) { if (!enabled) { throw new Error(“revoked”); } return wrap(wrapped(…args.map(wrap)); } } return def({ wrapper: wrap(target), Carol revoke: function() { enabled = false; } }); }

  35. Attenuators Compose function makeROFile ( file ) { return def({ read: file.read, getLength: file.getLength }); } var rorFile = makeROFile(revocableFile);

  36. No powerful references by default Alice says: Alice Bob var bobSrc = //site B bob var carolSrc = //site C var bob = eval (bobSrc); Carol var carol = eval (carolSrc); carol

  37. No powerful references by default Alice says: Alice Bob var bobSrc = //site B bob var carolSrc = //site C var bob = eval (bobSrc); Carol var carol = eval (carolSrc); carol Bob and Carol are confined . Only Alice controls how they can interact or get more connected.

  38. No powerful references by default Alice says: Alice bob Bob carol Carol

  39. Only connectivity begets connectivity Alice says: bob Bob var counter = makeCounter(); counter incr incr bob(counter.incr); carol(counter.decr); carol count count Carol count bob = carol = null; decr decr

  40. Only connectivity begets connectivity Alice says: bob Bob var counter = makeCounter(); counter incr incr bob(counter.incr); carol(counter.decr); carol count count Carol count bob = carol = null; decr decr Bob can only count up and see result. Carol only down. Alice can only do both.

  41. Membrane eval → compartment var compartment = makeMembrane(eval); var vbob = compartment.wrapper(bobSrc); Bob Alice

  42. Membrane eval → compartment var compartment = makeMembrane(eval); var vbob = compartment.wrapper(bobSrc); //… Bob Alice

  43. Membrane eval → compartment var compartment = makeMembrane(eval); var vbob = compartment.wrapper(bobSrc); //… compartment.revoke(); Bob Alice GC

  44. Composing Authority +? Usually intersection

  45. Rights Amplification ≥ + + Authority conditional on other possessions. Enables more expressive power.

  46. Rights Amplification function makeBrand () { Alice Bob foo var amp = WeakMap(); return def({ seal: function( payload ) { var box = def({}); amp.set(box, payload); makeBrand return box; }, seal unseal seal unseal unseal: function( box ) { amp amp box return amp.get(box); box box } payload payload payload }); }

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ADVANCED JS &amp; CSS flexb ox ES6 WHAT IS ES6? ES (ECMAScript) is a scripting language standard

ADVANCED JS &amp; CSS flexb ox ES6 WHAT IS ES6? ES (ECMAScript) is a scripting language standard

CS498RK SPRING 2020 e s 6 ADVANCED JS &amp; CSS flexb ox ES6 WHAT IS ES6? ES (ECMAScript) is a scripting language standard . JavaScript implements ECMAScript. ES6 means the 6th Edition of ECMAScript. Timelin e 6 years later, ES6! Started in

710 views • 42 slides
Modern JavaScript Shan-Hung Wu &amp; DataLab CS, NTHU ES5, ES6 and ES7 Javascript:

Modern JavaScript Shan-Hung Wu &amp; DataLab CS, NTHU ES5, ES6 and ES7 Javascript:

Modern JavaScript Shan-Hung Wu &amp; DataLab CS, NTHU ES5, ES6 and ES7 Javascript: implementation of ECMAScript (ES) ES5 = ECMAScript 5 (2009) ES6 = ECMAScript 6 = ES2015 ES7 = ECMAScript 7 = ES2016 2 Outline Project-based

730 views • 49 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 Advanced JavaScript and ECMAScript ECMAScript and JavaScript

CS/COE 1520 pitt.edu/~ach54/cs1520 Advanced JavaScript and ECMAScript ECMAScript and JavaScript

CS/COE 1520 pitt.edu/~ach54/cs1520 Advanced JavaScript and ECMAScript ECMAScript and JavaScript ECMAScript is based on JavaScript, and JavaScript is based on ECMAScript ... 2 First of all, what is ECMA? Ecma International

779 views • 55 slides
ES6 JavaScript, Metaprogramming, &amp; Object Proxies Prof. Tom Austin San Jos State

ES6 JavaScript, Metaprogramming, &amp; Object Proxies Prof. Tom Austin San Jos State

CS 152: Programming Language Paradigm ES6 JavaScript, Metaprogramming, &amp; Object Proxies Prof. Tom Austin San Jos State University ECMAScript Schism ECMAScript 4 was divisive A group broke off to create ECMAScript 3.1 more

695 views • 37 slides
Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5 Mark S. Miller and

Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5 Mark S. Miller and

Remaining Hazards and Mitigating Patterns for Secure Mashups in EcmaScript 5 Mark S. Miller and the Cajadores Overview The Mashup Problem The Offensive and Defensive Code Problems JavaScript (EcmaScript) gets simpler ES3, ES5, ES5/strict,

716 views • 52 slides
Metaprogramming &amp; JavaScript Object Proxies Prof. Tom Austin San Jos State University

Metaprogramming &amp; JavaScript Object Proxies Prof. Tom Austin San Jos State University

CS 252: Advanced Programming Language Principles Metaprogramming &amp; JavaScript Object Proxies Prof. Tom Austin San Jos State University ECMAScript Schism ECMAScript 4 was divisive A group broke off to create ECMAScript 3.1

480 views • 32 slides
Securing EcmaScript 5: Adventures in Strategic Compromise Mark S. Miller and the Cajadores Thanks

Securing EcmaScript 5: Adventures in Strategic Compromise Mark S. Miller and the Cajadores Thanks

Securing EcmaScript 5: Adventures in Strategic Compromise Mark S. Miller and the Cajadores Thanks to many on EcmaScript committee Overview My Expression Security Constraints talk The What and Why of object-capabilities (ocaps) This talk

831 views • 71 slides
TypeScript - a look at SPA's and Angular 2 Christian Holm Diget Agenda EcmaScript 6

TypeScript - a look at SPA's and Angular 2 Christian Holm Diget Agenda EcmaScript 6

TypeScript - a look at SPA's and Angular 2 Christian Holm Diget Agenda EcmaScript 6 TypeScript Libraries: ImmutableJS + React SPA architecture Angular 2.0 EcmaScript 6/2015 Let + const function f() { { let x; { //

859 views • 48 slides
ECMAScript &quot;3.1&quot; Pratap Lakshman, ECMA TC39 Representative Microsoft Corp.

ECMAScript &quot;3.1&quot; Pratap Lakshman, ECMA TC39 Representative Microsoft Corp.

ECMAScript &quot;3.1&quot; Pratap Lakshman, ECMA TC39 Representative Microsoft Corp. pratapL@microsoft.com JAOO Aarhus 2008 1 ECMAScript A brief introduction to the language Standardization History, Motivation, and Status

1.12k views • 22 slides
SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript

SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript

SAFE Formal Specification and Implementation of a Scalable Analysis Framework for ECMAscript PLRG@KAIST Hongki Lee , Sooncheol Won, Joonho Jin, Junhee Cho, and Sukyoung Ryu Contents Introduction Big Picture Formal Specification

631 views • 25 slides
Javascript Thierry Sans Introduction Javascript (aka Ecmascript) Scripting language

Javascript Thierry Sans Introduction Javascript (aka Ecmascript) Scripting language

Javascript Thierry Sans Introduction Javascript (aka Ecmascript) Scripting language (dynamically and weakly typed) Object-oriented (first prototype-based and now class-based) Functional (first-class functions) Reflexive (eval method)

1.19k views • 18 slides
ECMAScript 6: whats next for JavaScript? Dr. Axel Rauschmayer rauschma.de 2014-06-13 QCon

ECMAScript 6: whats next for JavaScript? Dr. Axel Rauschmayer rauschma.de 2014-06-13 QCon

ECMAScript 6: whats next for JavaScript? Dr. Axel Rauschmayer rauschma.de 2014-06-13 QCon New York 2014 JavaScript has become dangerous Used everywhere: browsers, servers, devices, . . . For much more than it was created for Lets

669 views • 65 slides
JavaScript (a dialect of ECMAScript) JavaScript is an object-based scripting language. It works

JavaScript (a dialect of ECMAScript) JavaScript is an object-based scripting language. It works

CS125 Spring 2014 Interim JavaScript (a dialect of ECMAScript) JavaScript is an object-based scripting language. It works with the objects associated with a web page: the window, the document it contains, and the elements in the document (such

338 views • 13 slides
ECMASCRIPT HARMONY PlovdivConf 2015 https://github.com/ivanovyordan

ECMASCRIPT HARMONY PlovdivConf 2015 https://github.com/ivanovyordan

ECMASCRIPT HARMONY PlovdivConf 2015 https://github.com/ivanovyordan http://ivanovyordan.com ? http://kangax.github.io/compat-table/es6

642 views • 19 slides
PREVENTION OF LOW BACK PAIN : Back Education for Workplace and Home PRESENTED AT BODIJA-ASHI

PREVENTION OF LOW BACK PAIN : Back Education for Workplace and Home PRESENTED AT BODIJA-ASHI

PREVENTION OF LOW BACK PAIN : Back Education for Workplace and Home PRESENTED AT BODIJA-ASHI BAPTIST CHURCH, IBADAN MARCH 10, 2013 Ibidunni Alonge Olumide Dada WHY LOW BACK PAIN? 2 Knee Back Neck WHAT IS LOW BACK PAIN? 3 Low back

1.56k views • 61 slides
Back-Up Servicing www.1stservicing.com Back-Up Servicing A back-up servicer is a service

Back-Up Servicing www.1stservicing.com Back-Up Servicing A back-up servicer is a service

Back-Up Servicing www.1stservicing.com Back-Up Servicing A back-up servicer is a service provider who agrees to take over the servicing of a portfolio of assets on the occurrence of certain trigger events, most commonly failure of the

829 views • 5 slides
KF*: The natural level of capital flows J O H N B U R G E R ( L o y o l a U n i v e r s i t y

KF*: The natural level of capital flows J O H N B U R G E R ( L o y o l a U n i v e r s i t y

1 KF*: The natural level of capital flows J O H N B U R G E R ( L o y o l a U n i v e r s i t y M a r y l a n d ) F R A N K W A R N O C K ( U n i v e r s i t y o f V i r g i n i a D a r d e n B u s i n e s s S c h o o l a n d N B E

857 views • 33 slides
Leaders Forum: Local to Global San Diego Robert Miller CEO Amplifying Impact - backbone

Leaders Forum: Local to Global San Diego Robert Miller CEO Amplifying Impact - backbone

Leaders Forum: Local to Global San Diego Robert Miller CEO Amplifying Impact - backbone scale - DS lyrasis.org LYRASIS: Building and Convening Communities Forums Leaders Circle It Takes A Village Fearless Leaders micro

489 views • 11 slides
Fundamental Estimation and Detection Limits in Linear Non-Gaussian Systems Gustaf Hendeby

Fundamental Estimation and Detection Limits in Linear Non-Gaussian Systems Gustaf Hendeby

Licentiates Presentation Fundamental Estimation and Detection Limits in Linear Non-Gaussian Systems Gustaf Hendeby Automatic Control Department of Electrical Engineering Linkpings universitet AUTOMATIC CONTROL Gustaf Hendeby

698 views • 51 slides
Outline of Presentation What do we do? Why do we do it? What are the schemes? How have they

Outline of Presentation What do we do? Why do we do it? What are the schemes? How have they

Outline of Presentation What do we do? Why do we do it? What are the schemes? How have they worked? Where to from here? Roles of Government Agencies Department of Health and Ageing Policy development keep doctors practicing

366 views • 34 slides
The Ramsey (Cass-Koopmans) Model October 2007 () Ramsey October 2007 1 / 16 Assumptions

The Ramsey (Cass-Koopmans) Model October 2007 () Ramsey October 2007 1 / 16 Assumptions

The Ramsey (Cass-Koopmans) Model October 2007 () Ramsey October 2007 1 / 16 Assumptions Neoclassical production function: Y t = F ( K t , A t L t ) where A 0 = L 0 = 1, and A t L t = g = n and A t L t Aggregate resource constraint:

727 views • 16 slides
Navigate the Teams Journey Mike Erps | UC Solutions Manager January 2018 Housekeeping

Navigate the Teams Journey Mike Erps | UC Solutions Manager January 2018 Housekeeping

Navigate the Teams Journey Mike Erps | UC Solutions Manager January 2018 Housekeeping Technical Issues? Slides and webinar replay will be made available for future If you have any technical difficulties : reference or to share with

529 views • 41 slides
Rouven Essig C.N. Yang Institute for Theoretical Physics Stony Brook University Lepton Photon

Rouven Essig C.N. Yang Institute for Theoretical Physics Stony Brook University Lepton Photon

Exploring New Frontiers: New, Light Weakly-Coupled Particles (as DM) Rouven Essig C.N. Yang Institute for Theoretical Physics Stony Brook University Lepton Photon Symposium June 2013 New, light weakly-coupled particles are motivated by dark

1.4k views • 101 slides
M ANAGING C RITICAL I NFRASTRUCTURES THROUGH B EHAVIOURAL O BSERVATION W ILLIAM H

M ANAGING C RITICAL I NFRASTRUCTURES THROUGH B EHAVIOURAL O BSERVATION W ILLIAM H

M ANAGING C RITICAL I NFRASTRUCTURES THROUGH B EHAVIOURAL O BSERVATION W ILLIAM H URST w.hurst@2009.ljmu.ac.uk S UPERVISORS P ROF M ADJID M ERABTI D R P AUL F ERGUS P RESENTATION O UTLINE A BOUT OUR R ESEARCH M

642 views • 24 slides

More recommend