Privacy-Preserving Browser-Side Scripting BFlow - Janusz Kudełka



SLIDE 1

Introduction Background Design Implementation Evaluation Summary

Privacy-Preserving Browser-Side Scripting BFlow

Janusz Kudełka December 21, 2011

Janusz Kudełka Privacy-Preserving Browser-Side Scripting BFlow

SLIDE 2

Outline

1. Introduction
2. Background
3. Design
4. Implementation
5. Evaluation
6. Summary

SLIDE 3

Web sites

Web sites:

- provide interactive scripts
- handle users' confidential data
- display users' confidential data

Those features contribute to the power of online services ... but they also allow attackers to steal confidential data.


SLIDE 9

BFlow

BFlow allows these features to be used ... while preventing attacks on confidential data.


SLIDE 12

BFlow

BFlow:

- allows untrusted JavaScript
- tracks confidential data
- prevents scripts from leaking the data
- augments browsers with a "protection zone"


SLIDE 17

Why BFlow, why now?

- Web sites are hosting sensitive user data
- User interface code runs mostly in the browser
- Web sites use JavaScript they do not understand


SLIDE 20

Browser

- A browser consists of one or more frames.
- Every window or tab is a top-level frame.
- Each frame contains a separate HTML document and JavaScript interpreter.
- The browser represents the displayed document in each frame as a DOM.


SLIDE 24

How JavaScript communicates

- DOM
- Cookies
- Intra-browser channel
- AJAX
- FID channels


SLIDE 29

Same-origin policy

- An origin is a triple: <domain name, protocol, port>
- The SOP guards a web site's JavaScript from interference by other sites' JavaScript.
- The SOP still allows communication by requests or intra-browser channels.
- As a result, scripts that have access to confidential data can leak that data.


SLIDE 34

Basic challenges

- BFlow requires a stronger policy than the SOP.
- BFlow has to accomplish this without encumbering deployment.


SLIDE 36

Adversary

The goal of the adversary is to read data that he should not be able to read. The adversary's capabilities are limited to:

- creating his own account
- running his own web server
- writing the JavaScript that the page includes


SLIDE 41

Adversary

... well, the adversary's capabilities aren't limited to this. He can still:

- compromise the host site
- eavesdrop
- infect the user's operating system with malware
- use social-engineering attacks

BFlow doesn't protect against such attacks.


SLIDE 47

Attack Paths

- JavaScript injections
- Third-party malicious JavaScript
- Intra-browser communication


SLIDE 51

Flexibility and Adoption

The system has to be adopted by:

- developers
- web sites
- users


SLIDE 56

Flexibility and Adoption - Developers

Design a system that preserves features:

- popular JavaScript constructions
- communication among concurrent browser scripts
- communication with remote web servers


SLIDE 61

Flexibility and Adoption

The design should be easy:

- for users to install
- for site developers to adopt
- for extension developers to adopt


SLIDE 66

Deployment effort goal

- Users install a browser plugin
- Site developers decide which data is confidential
- Third-party developers design extensions that handle BFlow


SLIDE 70

Design

The design of BFlow consists of:

- Labels
- Zones
- Reference Monitor
- Gateways


SLIDE 77

Design - Label

- A label is a set of tags
- A tag is a token indicating a category of confidentiality


SLIDE 80

Design - Zone

- A zone is a set of frames
- A zone's label reflects the data it has seen
- A zone explicitly asks to change its own label


SLIDE 84

Design - Invariant

- The top-level frame is always in the trusted zone
- A parent frame must be able to send messages to its children


SLIDE 88

Design - Intra-browser Communication

- The top-level frame is always in the trusted zone
- A parent frame must be able to send messages to its children
- postMessage -> postMessageBF


SLIDE 93

Design - control browser-server communication

- Data can flow between the browser and web servers
- The RM and the server include labels in HTTP requests and responses


SLIDE 96

Design - external server communication

- BFlow forbids communication after a script has seen confidential data
- ... this is too restrictive for some applications
- ... so the developer can create a request declassification
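The label checks from the Design slides, modelled in JavaScript as an added example (not BFlow's code). The subset rule for delivering messages, the declassifier interface, and all class, tag and host names are assumptions.

```javascript
// Model of the label checks from the Design slides. Zone, ReferenceMonitor,
// the tag strings and the host names are hypothetical, not BFlow's API.
const isSubset = (a, b) => [...a].every((tag) => b.has(tag));

class Zone {
  constructor(name, frames) {
    this.name = name;
    this.frames = new Set(frames); // a zone is a set of frames
    this.label = new Set();        // a label is a set of tags
    this.inbox = [];               // data this zone has been allowed to see
  }
}

class ReferenceMonitor {
  constructor(siteHost) {
    this.siteHost = siteHost;       // the site whose server understands labels
    this.declassifiers = new Map(); // tag -> predicate(request)
  }

  // A zone's label changes only when the zone asks for it explicitly.
  raiseLabel(zone, tag) {
    zone.label.add(tag);
  }

  // Stand-in for the check behind postMessageBF. Assumed rule: deliver only
  // if every tag on the sender is also on the receiver.
  send(from, to, message) {
    if (!isSubset(from.label, to.label)) return false;
    to.inbox.push(message);
    return true;
  }

  // Responses arrive with a label; the zone must already carry those tags.
  deliverResponse(zone, response) {
    if (!isSubset(new Set(response.label), zone.label)) return false;
    zone.inbox.push(response.body);
    return true;
  }

  registerDeclassifier(tag, predicate) {
    this.declassifiers.set(tag, predicate);
  }

  // Requests to the labelled site go out with the zone's label attached.
  // Requests to any other host are refused once the zone holds a tag, unless
  // a declassifier registered for each tag approves this exact request.
  request(zone, req) {
    const label = [...zone.label].sort();
    if (req.host === this.siteHost) return { allowed: true, label };
    const allowed = label.every((tag) => {
      const approve = this.declassifiers.get(tag);
      return approve ? approve(req) === true : false;
    });
    return { allowed, label: [] };
  }
}

// Constructed scenario: a mail page with a first-party zone and a widget zone.
function demo() {
  const rm = new ReferenceMonitor('mail.example');
  const inbox = new Zone('inbox', ['inbox-frame']);
  const widget = new Zone('widget', ['widget-frame']);
  const mail = { label: ['alice-mail'], body: 'Subject: payslip' };
  const leak = { host: 'tracker.example', path: '/c?d=payslip' };

  const out = {};
  out.readBeforeRaise = rm.deliverResponse(inbox, mail); // label not raised yet
  rm.raiseLabel(inbox, 'alice-mail');
  out.readAfterRaise = rm.deliverResponse(inbox, mail);
  out.taintedToWidget = rm.send(inbox, widget, inbox.inbox[0]);
  out.widgetToTainted = rm.send(widget, inbox, 'resize');
  out.widgetExternal = rm.request(widget, { host: 'cdn.example', path: '/lib.js' }).allowed;
  out.taintedExternal = rm.request(inbox, leak).allowed;
  out.taintedToSite = rm.request(inbox, { host: 'mail.example', path: '/send' });
  // Declassifier: only fixed-shape tile fetches from one host may leave.
  rm.registerDeclassifier('alice-mail',
    (req) => req.host === 'maps.example' && /^\/tile\/\d+$/.test(req.path));
  out.declassified = rm.request(inbox, { host: 'maps.example', path: '/tile/42' }).allowed;
  out.stillBlocked = rm.request(inbox, leak).allowed;
  out.widgetInbox = widget.inbox.length;
  return out;
}

console.log(JSON.stringify(demo(), null, 2));
```

The widget zone never raised its label, so it keeps its network access but never receives the labelled message; the zone that read the mail loses external access except through the declassifier.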


SLIDE 100

Implementation

Implementation includes:

- Client
- Server
- Server Storage


SLIDE 105

Client Implementation

- Portable JavaScript and XML package
- Takes advantage of the existing SOP
- 1003 lines of JavaScript and 89 lines of XML


slide-109
SLIDE 109

User Authentication

- Problem with cookies
- RM has to attach those cookies to HTTP requests

slide-112
SLIDE 112

Server Implementation

- Gateway processes handle each request
- Each gateway is a Python FastCGI process
- Gateway has the read privileges of the user
- Gateway is 4144 lines of Python

slide-117
SLIDE 117

Server Storage

- Allows untrusted scripts to store data with associated labels
- Implements a key-value storage
- 3288 lines of Python
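
The flow rule behind the "external server communication" and "Server Storage" slides, as an added example that is not part of the original slides or BFlow's own code. It is a simplified model: the class names, the tag "alice", the subset rule on labels, the predicate form of the declassifier and the `.example` URLs are all assumptions made for illustration.

```javascript
// Simplified model of label-based flow control (illustrative; not BFlow's code).
// A label is a set of secrecy tags; data may flow from A to B only if label(A) ⊆ label(B).
const subset = (a, b) => [...a].every((t) => b.has(t));

class LabeledStore {
  constructor() { this.items = new Map(); }   // key -> { value, label }
  put(zone, key, value, label) {
    // No write-down: a tainted zone may only write under a label covering its own.
    if (!subset(zone.label, label)) throw new Error(`store: write-down denied for ${key}`);
    this.items.set(key, { value, label: new Set(label) });
  }
  get(zone, key) {
    const item = this.items.get(key);
    if (!item) return undefined;
    item.label.forEach((t) => zone.label.add(t)); // reading raises the zone's label
    return item.value;
  }
}

class Zone {
  constructor(name) { this.name = name; this.label = new Set(); }
}

class ReferenceMonitor {
  constructor() { this.declassifiers = new Map(); } // tag -> predicate(zone, request)
  allowDeclassify(tag, predicate) { this.declassifiers.set(tag, predicate); }
  // Decide whether a zone may send `request` to an external server.
  send(zone, request) {
    for (const tag of zone.label) {
      const ok = this.declassifiers.get(tag);
      if (!ok || !ok(zone, request)) return { sent: false, blockedBy: tag };
    }
    return { sent: true, blockedBy: null };
  }
}

function demo() {
  const store = new LabeledStore(), rm = new ReferenceMonitor();
  const trusted = new Zone("site"), widget = new Zone("untrusted-widget");
  store.put(trusted, "alice/diary", "dear diary", new Set(["alice"])); // constructed sample data
  const before = rm.send(widget, { url: "https://stats.example/ping" });
  store.get(widget, "alice/diary");                  // widget is now tainted with "alice"
  const after = rm.send(widget, { url: "https://stats.example/ping" });
  let writeDown = "allowed";
  try { store.put(widget, "public/note", "x", new Set()); } catch (e) { writeDown = "denied"; }
  // Developer-supplied declassifier: only a fixed spell-check endpoint is approved.
  rm.allowDeclassify("alice", (z, r) => r.url === "https://spell.example/check");
  const declassified = rm.send(widget, { url: "https://spell.example/check" });
  return { before, after, writeDown, declassified };
}
```

Calling `demo()` shows the same request allowed before the widget reads labeled data and blocked afterwards, until a declassifier for that tag approves a specific destination.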

slide-121
SLIDE 121

Evaluation

- BF-Blogger
- BF-Socialnet
- Untrusted JavaScript extensions

slide-126
SLIDE 126

Limitations

- BFlow does not support browser plugins
- Enforces use of multiple frames

slide-129
SLIDE 129

Summary

- Stops the leaking of confidential data
- Tracks the confidential data flow
- Doesn't support browser plugins
- Requires web site developers to use frames and write BFlow-compatible code

slide-134
SLIDE 134

Questions?