
Security Types for Web Applications

Antoine Delignat-Lavaud

Under the supervision of S. Maffeis and K. Bhargavan
PROSECCO, INRIA Paris-Rocquencourt

September 3, 2012

Outline

Introduction
    Goals
    Browser security
    Our contribution
Review of Host-Proof Web Applications
    Host-Proof Application Design
    Ciphertext Integrity
    URL Authentication
    Code/data separation
    Key management
Defensive JavaScript
    Attacks to defend against
    Type system
    Applications
Conclusion and Future Work


Introduction: Our Goals

Security of Web Applications

◮ Application logic shared between web server and browser client.
◮ Complex interaction over HTTP between at least 2 main principals, often more.
◮ Other interactions between client / server and third parties.
◮ Security goals: confidentiality and integrity of communication, authentication, data access control, sharing...
◮ Use of cryptography to achieve these goals.


Web application overview

[Diagram: Server and Browser. Labels: PHP, JavaScript, HTML markup, JavaScript, CSS, images, AJAX; Web services, SSO...; Mashups, Like button...]


Browser security


Our contribution

◮ We focus our attention on the client-side interactions.
◮ We conducted a review on the security of host-proof web applications and found a variety of attack vectors.
◮ We investigated the problem of loading trusted JavaScript code into an untrusted environment.
◮ We propose a subset of JavaScript we believe is safe to use in such environments.
◮ We implemented a type system able to check if a given script belongs to that subset.


Host-Proof Application Design

[Diagram: User, Content Server, Application Client. Labels: Sensitive data, Hacker X.]


Encrypted cloud storage

[Diagram: User, Server, App, Website, Decrypted Data. Labels: authentication, encrypted data, decryption script, decryption, key, sharing (Friends?). Hacker: CSRF, XSS.]


[Diagram, second build: User, Server, App, Website, Decrypted Data. Labels: authentication, encrypted data, malicious script, decryption, key, sharing (Friends?). Hacker: CSRF, XSS.]


Password Manager Browser Extension

[Diagram: Server, Host Page, App Code, User. Labels: session, URL, password.]


Password Manager Bookmarklet

[Diagram: Server, App Website, Host Page, App Code, User. Labels: secret, session, intention, session, URL, password.]


Attacks

What can go wrong?

◮ Incorrect use of crypto.
◮ Usual web attacks (XSS/CSRF).
◮ No data/code separation.
◮ Bad key management.


No ciphertext integrity protection

RoboForm Passcard

    URL3:Encode(URL) +PROTECTED-2+ <ENC_k(username,password)>

1Password Keychain

    {"uuid":...,"title":..., "location":URL, "encrypted":<ENC_k(username,password)>}


[Diagram: User, Content Server, Application Client, Friend (share), Hacker. Record shown at the Content Server and at the Friend: google.com, ENC(u, p). Other labels: google.com, p, Hacker, p.]


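[Diagram, second build: User, Content Server, Application Client, Friend (share), Hacker. Record shown at the Content Server: bad.com, ENC(u, p); at the Friend: google.com, ENC(u, p). Other labels: bad.com, p, Hacker, p.]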
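
The record formats on these slides keep the URL in clear beside the encrypted credentials, and the diagrams show the stored URL changing from google.com to bad.com while the ciphertext is unchanged. The following added example (not from the slides) shows one way a client can detect that swap, by passing the cleartext fields as associated data to an authenticated cipher; AES-256-GCM, the `iv` and `tag` fields and all function names are assumptions of this example.

```javascript
const nodeCrypto = require("node:crypto");

// Cleartext fields the ciphertext must be tied to, in one unambiguous encoding.
function boundFields(record) {
  return Buffer.from(JSON.stringify([record.uuid, record.location]), "utf8");
}

// bind=false mirrors the layout on the slide: the URL sits beside the
// ciphertext but is not covered by it. bind=true authenticates it as AAD.
function sealEntry(key, uuid, location, username, password, bind) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every record
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  if (bind) cipher.setAAD(boundFields({ uuid, location }));
  const body = JSON.stringify({ username, password });
  const ct = Buffer.concat([cipher.update(body, "utf8"), cipher.final()]);
  return {
    uuid,
    location,
    iv: iv.toString("base64"),
    encrypted: ct.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Returns the credentials, or null when authentication fails.
function openEntry(key, record, bind) {
  try {
    const iv = Buffer.from(record.iv, "base64");
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
    if (bind) d.setAAD(boundFields(record));
    d.setAuthTag(Buffer.from(record.tag, "base64"));
    const ct = Buffer.from(record.encrypted, "base64");
    const pt = Buffer.concat([d.update(ct), d.final()]); // final() throws on a bad tag
    return JSON.parse(pt.toString("utf8"));
  } catch (e) {
    return null;
  }
}

// Constructed sample: the storage server rewrites only the cleartext location.
function swapDemo() {
  const key = nodeCrypto.randomBytes(32);
  const out = {};
  for (const bind of [false, true]) {
    const stored = sealEntry(key, "constructed-uuid", "google.com", "u", "p", bind);
    const swapped = Object.assign({}, stored, { location: "bad.com" });
    out[bind ? "bound" : "unbound"] = {
      originalOpens: openEntry(key, stored, bind) !== null,
      swappedOpens: openEntry(key, swapped, bind) !== null,
    };
  }
  return out;
}

console.log(swapDemo());
```

Without the binding, the swapped record still decrypts and the client would release the password for the wrong site; with it, the swapped record is rejected.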


Classic problem: URL authenticating

◮ Browser extension-based password managers;
◮ Match URL with password database in JS.
◮ Error-prone RegExp matching.

parseUri pattern

    /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/

Incorrect

    http://bad.com/#@accounts.google.com


Phishing attack on 1Password extension

URL parsing code

    var href = getBrowser().contentWindow.location.href + "/";
    var domain = href.replace(/^http[s]*:\/\/(.*?)\/.*$/i, "$1");
    var middle = domain.replace(/^(www.)*(.*)/i, "$2");
    return middle.substring(0,1).toUpperCase() + middle.substring(1,middle.length);

Phishing URL

    http://www.google.com:xxx@bad.com
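
As an added example (not from the slides), the code below runs the parseUri pattern and the URL parsing code quoted on the two slides above against the two URLs they give, next to the host reported by the standard `URL` parser. The function names, the exact-host lookup and the policy of refusing URLs that carry userinfo are assumptions of this example; the extension's `getBrowser()` call is replaced by a parameter.

```javascript
// Strict parseUri pattern as quoted on the slide (line breaks removed).
const PARSE_URI = /^(?:([^:\/?#]+):)?(?:\/\/((?:(([^:@]*)(?::([^:@]*))?)?@)?([^:\/?#]*)(?::(\d*))?))?((((?:[^?#\/]*\/)*)([^?#]*))(?:\?([^#]*))?(?:#(.*))?)/;

// Host according to the pattern: capture group 6.
function parseUriHost(href) {
  const m = PARSE_URI.exec(href);
  return m && m[6] ? m[6] : "";
}

// The slide's domain extraction, with the page URL passed in as a parameter.
function slideDomain(pageHref) {
  const href = pageHref + "/";
  const domain = href.replace(/^http[s]*:\/\/(.*?)\/.*$/i, "$1");
  const middle = domain.replace(/^(www.)*(.*)/i, "$2");
  return middle.substring(0, 1).toUpperCase() + middle.substring(1, middle.length);
}

// Host as the browser's own URL parser sees it: no userinfo, port or fragment.
function originHost(href) {
  let u;
  try {
    u = new URL(href);
  } catch (e) {
    return null;
  }
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  return u.hostname;
}

// Hypothetical lookup: exact host match only, and no entry is released for a
// URL with a user:password@ prefix (policy chosen for this example).
function lookupEntry(db, href) {
  const host = originHost(href);
  if (host === null) return null;
  const u = new URL(href);
  if (u.username !== "" || u.password !== "") return null;
  return db.has(host) ? db.get(host) : null;
}

function compare(href) {
  return {
    parseUri: parseUriHost(href),
    slideCode: slideDomain(href),
    urlParser: originHost(href),
  };
}

// The two URLs given on the slides.
const SAMPLES = [
  "http://bad.com/#@accounts.google.com",
  "http://www.google.com:xxx@bad.com",
];
for (const s of SAMPLES) console.log(s, compare(s));
```

For the first URL the pattern reports accounts.google.com as the host because its userinfo group accepts `/` and `#`; for the second, the slide's code returns a string that begins with Google.com. In both cases the page is actually served by bad.com.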


1Password phishing attack

[Diagram: Server, Attacker, 1Password, User. Labels: session, phishing URL, Google password.]


Code/data separation

Web interfaces

◮ Hard to maintain client-side decryption due to JavaScript limitations.
◮ Login form exposed to web attacks.
◮ Decryption in the same scope as various GUI and user data.

slide-54
SLIDE 54

SpiderOak

[Diagram: principals User, Server, SpiderOak and Attacker; message labels: session, JSON listing, JSONP query, JSON listing]

slide-57
SLIDE 57

SpiderOak

Query

    https://spideroak.com/storage/<u32>/?callback=f

Result

    f({
      "stats": { "firstname": "...", "lastname": "...", "devices": ..., },
      "devices": [ ["pc1", "pc1/"], ["laptop", "laptop/"], ... ]
    })

slide-58
SLIDE 58

SpiderOak

Query

    https://spideroak.com/storage/<u32>/shares

Result

    {
      "share_rooms" : [
        "url" : "/browse/share/<id>/<key>",
        "room_key" : "<key>",
        "room_description" : "",
        "room_name": "<room>"
      ],
      "share_id" : "<id>",
      "share_id_b32" : "<u32>"
    }

slide-59
SLIDE 59

Key management

A difficult challenge

◮ All applications implement some form of sharing.
◮ Full database vs per-entry dilemma.
◮ Bias towards features rather than security.

slide-62
SLIDE 62

LastPass login bookmarklet

[Diagram: principals Server, App, Website, Attacker, Bookmarklet and User; labels: s, K, session, intention, session, D, Enc_{s,r}(K), r, rootkit, K]

slide-68
SLIDE 68

Key recovery by rootkitting

    function _LP_START() {
      _LP = new _LP_CONTAINER();
      var d = {<encrypted form data>};
      _LP.setVars(d, '<user>', '<encrypted_key>', _LASTPASS_RAND, ...);
      _LP.bmMulti(null, null);
    }

Ben Adida, Adam Barth and Collin Jackson. Rootkits for JavaScript environments. WOOT'2009.

slide-69
SLIDE 69

Defensive JavaScript

Challenges of JavaScript static analysis

◮ Implicit initialization and global definition of undeclared variables.
◮ Dynamic property access and creation.
◮ Weak, dynamic types (1+"x", "1.1"==1.1), implicit function calls for conversions (valueOf, toString).
◮ No distinction between functions, methods and constructors.
◮ No static scoping (this, with).
◮ Prototype chain inheritance, redefinable prototypes for base objects.
◮ Getters and setters.

slide-76
SLIDE 76

Attacks to defend against

Scoping problem

Undeclared variables are implicitly global.

Attack example

    function _LP_START() {
      _LP = new _LP_CONTAINER();
      var d = {<encrypted form data>};
      _LP.setVars(d, '<user>', '<encrypted_key>', _LASTPASS_RAND, ...);
      _LP.bmMulti(null, null);
    }

slide-77
SLIDE 77

Scoping problem

Solution

◮ We use a monomorphic type inference system.
◮ We forbid features that break lexical scoping: arguments.caller, with(o)
◮ We need to distinguish functions and methods.

slide-80
SLIDE 80

Attacks to defend against

Implicit function calls

Some type casts implicitly call redefinable functions.

Attack example

    // Attacker
    Object.prototype.valueOf = function(){steal(this.secret)};
    // Unsafe code
    a = {secret:"x"} + 1

slide-81
SLIDE 81

Implicit function calls

Solution

◮ Monomorphic operators.
◮ Exceptions for safe typecasts (logical negation).

slide-83
SLIDE 83

Attacks to defend against

Source code leaks

The source of functions published to the page is public.

Attack example

    // Attacker
    window.registerEventListener = function(t,f){steal(f+'')};
    // Unsafe code
    window.registerEventListener("message",
      function(m) { if(m=="secret") doAction(); }
    );

slide-84
SLIDE 84

Source code leaks

Solution

Functions posted to the page must be wrapped in a function defined inside a with literal:

    with({f:function(m){if(m=="secret") g();}})
      registerEventListener("message",
        function(m){return f(m);}
      );

slide-85
SLIDE 85

Attacks to defend against

Prototype poisoning

Accessing or creating a non-literal property can cause calls to prototype functions.

Attack example

    // Attacker
    Object.prototype.__defineSetter__("secret",
      function(v){steal(v);}
    );
    // Unsafe code
    var o = {}; o.secret = 123;

slide-86
SLIDE 86

Prototype poisoning

Solution

◮ Completely literal definition of objects and arrays.
◮ No dynamic accessor (main restriction).
◮ Type inference infers the minimal set of properties that must be defined in an object.
◮ When applied to a literal object, verify that object signatures are compatible.
◮ For arrays, check bounds on length.
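
The unsafe snippets from the implicit function calls and prototype poisoning slides, run next to their defensive forms (literal object definition, operators applied to operands of a single type). This is an added example, not code from the presentation: `leaked` is a hypothetical stand-in for the slides' `steal()`, and `Object.defineProperty` is used as the modern equivalent of `__defineSetter__`.

```javascript
// Added example, not from the slides. `leaked` is a hypothetical stand-in
// for steal(); all tampering is undone after each run.
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Run fn() while Object.prototype is poisoned as on the two attack slides.
function withHostilePrototype(leaked, fn) {
  const originalValueOf = Object.prototype.valueOf;
  // Modern spelling of the slide's __defineSetter__("secret", ...).
  Object.defineProperty(Object.prototype, 'secret', {
    set(v) { leaked.push('setter:' + v); },
    configurable: true,
  });
  Object.prototype.valueOf = function () {
    if (hasOwn(this, 'secret')) leaked.push('valueOf:' + this.secret);
    return originalValueOf.call(this);
  };
  try {
    return fn();
  } finally {
    Object.prototype.valueOf = originalValueOf;
    delete Object.prototype.secret;
  }
}

// The unsafe patterns from the slides.
function unsafeCode() {
  const o = {};
  o.secret = 123;                 // assignment walks the prototype chain: the setter runs
  const a = { secret: 'x' } + 1;  // + coerces the object: valueOf runs with this = object
  return { ownSecret: hasOwn(o, 'secret'), a };
}

// The defensive forms: literal definition and a same-type operator.
function defensiveCode() {
  const o = { secret: 123 };      // literal creates an own data property, no setter lookup
  const s = o.secret + 1;         // number + number: no conversion hook is called
  return { ownSecret: hasOwn(o, 'secret'), s };
}

function runBoth() {
  const unsafeLeaks = [];
  const defensiveLeaks = [];
  const unsafe = withHostilePrototype(unsafeLeaks, unsafeCode);
  const defensive = withHostilePrototype(defensiveLeaks, defensiveCode);
  return { unsafe, unsafeLeaks, defensive, defensiveLeaks };
}

console.log(JSON.stringify(runBoth(), null, 2));
```

In the unsafe run the assignment never creates an own property on `o`: the value goes to the poisoned setter instead, which is why the type system insists on literal definitions.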

slide-91
SLIDE 91

Attacks to defend against

Functions and methods

A method used outside an object binds this to the global object.

Attack example

    // Unsafe code
    with({secret: "x", f:function(){this.secret = "y"}})
      (function(){ var g = f; g()})();

slide-92
SLIDE 92

Functions and methods

Solution

◮ Two sets of rules for functions and methods (if this is used).
◮ Methods have an additional condition: the object in which they are defined must have a signature compatible with the set of properties of this used in the function.
◮ Annoying special case for with-bound methods.

slide-95
SLIDE 95

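Type system

\[
\begin{array}{rcll}
\tau & ::= & \mathsf{number} \mid \mathsf{boolean} \mid \mathsf{string} \mid \mathsf{undefined} & \\
 & \mid & \alpha, \beta & \text{Type variable} \\
 & \mid & \tilde{\tau} \to \tau & \text{Arrow} \\
 & \mid & \tilde{\tau}[\rho] \to \tau & \text{Method} \\
 & \mid & [\tau]_n & \text{Final array} \\
 & \mid & [\tau]_k & \text{Array schema} \\
 & \mid & \rho^{*} & \text{Final object} \\
 & \mid & \rho & \text{Object schema} \\
\rho & ::= & \{ l_1 : \tau_1, \ldots, l_n : \tau_n \} &
\end{array}
\]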

slide-96
SLIDE 96

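Scoping: function rule

\[
\textsc{Fun}\quad
\frac{
\begin{array}{c}
\mathit{body} = (\mathtt{var}\ y_1 = e_1, \ldots, y_m = e_m;\ s;\ \mathtt{return}\ r) \qquad \lambda = \mathrm{fresh}() \qquad \tilde{\alpha} = \mathrm{fresh}() \\
\forall j \leq m,\quad \Gamma, f : \lambda, \tilde{x} : \tilde{\alpha}, (y_i : \mu_i)_{i<j} \vdash e_j : \mu_j \\
\Gamma, f : \lambda, \tilde{x} : \tilde{\alpha}, \tilde{y} : \tilde{\mu} \vdash s : \mathsf{undefined};\ r : \tau_r \qquad U(\lambda, \tilde{\alpha} \to \tau_r)
\end{array}
}{
\Gamma \vdash \mathtt{function}\ f(\tilde{x})\{\mathit{body}\} : \tilde{\alpha} \to \tau_r
}
\]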

slide-97
SLIDE 97

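Object and Array accessors

\[
\textsc{PropR}\quad
\frac{\tau = \mathrm{fresh}() \qquad \Gamma \vdash e : \sigma \qquad U(\{l : \tau\}, \sigma)}
     {\Gamma \vdash e.l : \tau}
\]

\[
\textsc{ArrR}\quad
\frac{\tau = \mathrm{fresh}() \qquad \Gamma \vdash e : \sigma \qquad U([\tau]_{n+1}, \sigma)}
     {\Gamma \vdash e[n] : \tau}
\]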

slide-98
SLIDE 98

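Dynamic accessors

Adding dynamic checks

It's impossible to program without dynamic array accessors. We introduce a dynamic check that can be safely typed:

    dyn_accessor ::=
      | (x = @identifier) '[' expression '&' @posint '%' x '.length ]'
      | @identifier '[' expression '&' @posint ']'

\[
\frac{\Gamma \vdash x : [\tau]_1 \qquad \Gamma \vdash e : \mathsf{int} \qquad n \in \mathbb{N}^{*}}
     {\Gamma \vdash x[e \,\&\, n \,\%\, x.\mathtt{length}] : \tau}
\qquad
\frac{\Gamma \vdash x : [\tau]_n \qquad \Gamma \vdash e : \mathsf{int} \qquad n \equiv 0 \; [2]}
     {\Gamma \vdash x[e \,\&\, n] : \tau}
\]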
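
An added example (not from the slides) of the first guarded form above: it shows why an unguarded out-of-range read is dangerous when array prototypes can be tampered with, and why `e & n % x.length` always lands inside the array. The sample array, the mask 7 and the recording getter are assumptions made for the demonstration.

```javascript
// Added example, not from the slides: the guarded accessor
//   x[e & n % x.length]
// JavaScript parses the index as e & (n % x.length): % binds tighter than &.
function guardedIndex(e, n, length) {
  return e & n % length;
}

// Run read() while Array.prototype carries a getter at index 5 (constructed
// hostile setup). `hits` records every time that getter fires.
function withHostileArrayPrototype(read) {
  const hits = [];
  Object.defineProperty(Array.prototype, '5', {
    get() { hits.push('Array.prototype[5]'); return undefined; },
    configurable: true,
  });
  try {
    return { value: read(), hits };
  } finally {
    delete Array.prototype[5];
  }
}

const table = [10, 20, 30, 40]; // constructed sample data

// Same index expression e, read without and with the dynamic check.
function compareReads(e) {
  return {
    // Out of range: no own property, so the lookup falls through to the prototype.
    unguarded: withHostileArrayPrototype(() => table[e]),
    // 7 % 4 = 3, and e & 3 is always one of 0..3: an own element of table.
    guarded: withHostileArrayPrototype(() => table[e & 7 % table.length]),
  };
}

// Check 0 <= index < length over many lengths, masks and index values,
// including negative and larger-than-32-bit inputs (& applies ToInt32 first).
function alwaysInBounds() {
  const samples = [-(2 ** 31), -5, -1, 0, 1, 5, 1e9, 2 ** 31 - 1, 2 ** 32 + 7];
  for (let length = 1; length <= 16; length++) {
    for (let n = 1; n <= 64; n++) {
      for (const e of samples) {
        const i = guardedIndex(e, n, length);
        if (!(Number.isInteger(i) && i >= 0 && i < length)) return false;
      }
    }
  }
  return true;
}

console.log(JSON.stringify(compareReads(5)), alwaysInBounds());
```

When `x.length` divides `n`, `n % x.length` is 0 and every access collapses to element 0, so the check is safe for any `n` but only useful when `n` is chosen with the array length in mind.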

slide-99
SLIDE 99

Applications

Implementation

◮ We implemented a JavaScript parser and our type system in OCaml.
◮ We implemented defensive versions of HMAC-SHA-256 and AES-256-CBC and ensured that they were well-typed in our system.
◮ We used these primitives to build a safe version of the LastPass bookmarklet.

slide-102
SLIDE 102


Perspectives

This work is incomplete

We are missing a formal security theorem about our type system.

Current problems

◮ Requires a formal semantics of JavaScript.

◮ Existing operational semantics by Sergio Maffeis lacks features that are critical to the security of our subset (getters and setters).

◮ Other alternatives (λJS, related IBEX results at Microsoft Research)?


slide-105
SLIDE 105


Perspectives

Other extensions

◮ Automatic defensiveness transformation, automatic exploit generation.

◮ Subset extensions (constructors, dynamic memory allocation with computational security).

◮ New applications (single sign-on, client-side auth)

◮ Translation of JavaScript into the WebSpi model in ProVerif.
