the browser as a secure platform
play

The Browser as a Secure Platform for Loosely Coupled, Private-Data - PowerPoint PPT Presentation

Aug 19, 2023 •560 likes •745 views

The Browser as a Secure Platform for Loosely Coupled, Private-Data Mashups Ben Adida C enter for R esearch on C omputation and S ociety Harvard University 24 May 2007 web mashups : interesting combinations. Aggressive web 2.0

  1. The Browser as a Secure Platform for Loosely Coupled, Private-Data Mashups Ben Adida C enter for R esearch on C omputation and S ociety Harvard University 24 May 2007

  2. web mashups : interesting combinations.

  3. Aggressive “web 2.0” development will continue. Can we make the browser a better platform?

  4. Service #1 Service #2 • mashup service selects Mashup which sources to combine. Service • all data flows through the mashup service. • (most of) mashup logic on the mashup server. great for public data services

  5. web applications increasingly manage private data

  6. Mashup Service #1 Service #2 Service • authentication handled independently by each service • no data flows through the mashup service • logic runs in the browser. more interesting for private data.

  7. Mashup Service Service #1 Service #2 • Service #2 is “injected” into Service #1 • loose coupling : Service #2 doesn’t necessarily know about Service #1 ahead of time. • using a bookmarklet or a browser extension

  8. del.icio.us

  12. Problems • bookmarklet runs in current page’s context unstable API - bad for stability and security. • bookmarklet limited to on-the-fly downloads vulnerable to pharming attacks. • extension has full control over all browsing requires significant trust in extension!

  13. Suggested Enhancements

  14. 1. JavaScript Isolation with_cleanslate { // access DOM // call standard JavaScript API // ... }

  15. 2. Fine-Grained Permissions • Limited Awakening: extension takes control only when the user invokes it. • Limited Network Access: extension can access only hosts on which it is invoked.

  16. 3. Metadata-Mediated Extensions • web services contain structured data. • the data type triggers 1a 1b 1c Service #2 the appropriate extension. structured data • the extension can contact (microformat, RDFa,...) its own web-based service. • (extension may not even need to contact 1a, 1b, 1c.) watch for the Operator FF Extension

  17. Browser = Platform • Isolation • Fine-Grained Permissions • Structured Data for Inter-Application Communication Enhancements are backwards-compatible with today’s web

  18. http://flickr.com/photos/hollywoodpoodle/373053089/ Questions? http://ben.adida.net/presentations/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard

GWT-Gears The Browser is the Platform The Browser is the Platform Didier Girard girard.d@sfeir.com Sfeir CTO Member of OSSGTP Before starting, some questions Who knows javascript ? Who is a javascript expert ? Who knows java ?

1.57k views • 93 slides
Run Any Software in a Browser NVIDIA GTC, April 7, 2016 What is Frame? Frame is a secure cloud

Run Any Software in a Browser NVIDIA GTC, April 7, 2016 What is Frame? Frame is a secure cloud

Run Any Software in a Browser NVIDIA GTC, April 7, 2016 What is Frame? Frame is a secure cloud platform that lets organizations deliver amazing experiences and workflows to users on all connected devices . Pixels user input Confidential Why

540 views • 21 slides
Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web

Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web

Corey Clark PhD Daniel Montgomery Web Dev Platform Cross Cross Platform Browser HTML5 Web Web WebGL Socket Worker Optimized Parallel Hardware Communication Acceleration Processing Channel Web Workers JaHOVA OS Internal APIs

957 views • 38 slides
Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser workshop, 24-25 May 2011, Mountain View Mark Watson, Mitch Zollinger, Wesley Miaw 1

327 views • 9 slides
Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio

Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio

Network and Information Security (NIS) Platform WG3 Secure ICT Research & Innovation Fabio Martinelli CNR Raul Riesco Granadino INCIBE (Chairs) NIS Platform WG3 Secure ICT Research & Innovation Outline WG3 Main deliverables

392 views • 17 slides
jsprobes cross-platform browser instrumentation using JavaScript Brian Burg (@brrian /

jsprobes cross-platform browser instrumentation using JavaScript Brian Burg (@brrian /

jsprobes cross-platform browser instrumentation using JavaScript Brian Burg (@brrian / burg@cs.uw.edu) Background: browser research template 1 2 3

781 views • 23 slides
Virtels Browser -Based 3270 Terminal Emulation Working from Home: Virtels Secure 3270 TE

Virtels Browser -Based 3270 Terminal Emulation Working from Home: Virtels Secure 3270 TE

Webinar Working from Home with Virtels Browser -Based 3270 Terminal Emulation Working from Home: Virtels Secure 3270 TE Limited Time Offer Shelter-in-place Plan Our Offer Everyone works from home Virtel Web Access = browser-based

219 views • 21 slides
Student Presentation WHO ARE TURBULENZ? US 1 A revolutionary new gaming platform based entirely

Student Presentation WHO ARE TURBULENZ? US 1 A revolutionary new gaming platform based entirely

Student Presentation WHO ARE TURBULENZ? US 1 A revolutionary new gaming platform based entirely in the browser. 2 One of the fastest growing gaming technology companies in the world. 2011 PUBLIC LAUNCH A new generation of browser games

434 views • 7 slides
Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc.

Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc.

Google Chrome The Invisible Browser Ben Goodger Tech Lead, User Interface Google Inc. Beginnings A new browser... a new opportunity A modern platform for web applications Objective: An Invisible Browser Deliver a transparent experience:

557 views • 9 slides
Secure Web Applications with AWA Stphane Carrez FOSDEM 2019 What is a Web Application

Secure Web Applications with AWA Stphane Carrez FOSDEM 2019 What is a Web Application

Secure Web Applications with AWA Stphane Carrez FOSDEM 2019 What is a Web Application Client server program with browser as client Examples: Gmail, Dropbox, Netflix, Zoho,... Server Server Database Client Front Back Browser End

1.09k views • 34 slides
SECURE ENTERPRISE MOBILITY CONTENT PLATFORM AGENDA About us Solution overview

SECURE ENTERPRISE MOBILITY CONTENT PLATFORM AGENDA About us Solution overview

ANY DEVICE ANY STORAGE ONE PLATFORM SECURE ENTERPRISE MOBILITY CONTENT PLATFORM AGENDA About us Solution overview Supported platforms Use cases Contacts ABOUT US ABOUT CLOUDFUZE CloudFuze Inc. Founded in 2012 Based in

655 views • 24 slides
Browser as Renderer W3C Paris, 2013 Adam Hyde Book Sprint Facilitator, Platform Designer

Browser as Renderer W3C Paris, 2013 Adam Hyde Book Sprint Facilitator, Platform Designer

Browser as Renderer W3C Paris, 2013 Adam Hyde Book Sprint Facilitator, Platform Designer www.adamhyde.net www.adamhyde.net Browser as Renderer www.adamhyde.net Browser as Renderer Book Sprints, zero to book in 3-5 days

225 views • 9 slides
A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18,

A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18,

A Secure Architecture for Untrusted Web Browser Plugins Achim Weimert SECT/TU-Berlin March 18, 2011 Achim Weimert (SECT/TU-Berlin) Web Browser Plugin Architecture March 18, 2011 1 / 21 Outline Introduction 1 Design 2 3 Implementation

424 views • 24 slides
Secure Data Sharing and Distribution Platform for Integrated Big Data Utilization - Handling all

Secure Data Sharing and Distribution Platform for Integrated Big Data Utilization - Handling all

Secure Data Sharing and Distribution Platform for Integrated Big Data Utilization Oct.2015-Mar.2021 funded by Japan Science and Technology Agency Secure Data Sharing and Distribution Platform for Integrated Big Data Utilization - Handling all

312 views • 17 slides
The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex

The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex

The Multi-Principal OS Construction of the Gazelle Web Browser Helen J. Wang, Chris Grier, Alex Moshchuk, Sam King, Piali Choudhury, Herman Venter Browser as an application platform Single stop for many computing needs banking,

850 views • 30 slides
Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin?

Securing The Web Browser Keeping the Phish in the Sea What is Wrong With This? Where to Begin? Security indicator only in the content region Notice that it is used for personal data that should be secure No access to the location or

933 views • 21 slides
Modelling Dependence with Copulas and Applications to Risk Management Filip Lindskog, RiskLab,

Modelling Dependence with Copulas and Applications to Risk Management Filip Lindskog, RiskLab,

Modelling Dependence with Copulas and Applications to Risk Management Filip Lindskog, RiskLab, ETH Z urich 02-07-2000 Home page: http://www.math.ethz.ch/ lindskog E-mail: lindskog@math.ethz.ch RiskLab: http://www.risklab.ch Copula

816 views • 35 slides
Estimating risk Maximilian Kasy Department of Economics, Harvard University May 4, 2018 1 / 17

Estimating risk Maximilian Kasy Department of Economics, Harvard University May 4, 2018 1 / 17

Estimating risk Estimating risk Maximilian Kasy Department of Economics, Harvard University May 4, 2018 1 / 17 Estimating risk Introduction Introduction Some of the topics about which I learned from Gary: The normal means model.

554 views • 17 slides
1 BP treatment for up to 5 years: Treatment Beyond 5 Years the Bottom Line Benefits for BP

1 BP treatment for up to 5 years: Treatment Beyond 5 Years the Bottom Line Benefits for BP

Financial Disclosures Controversies in Long Term Osteoporosis Treatment - Advisory Boards or consulting: Radius , Amgen, Merck Dennis M. Black, PhD Dept. of Epidemiology and Biostatistics - Research Grants UCSF Alexion, Asahi-Kasei 2 *

189 views • 7 slides
Orientations of Planar Graphs Doc-Course Bellaterra March 11, 2009 Stefan Felsner Technische

Orientations of Planar Graphs Doc-Course Bellaterra March 11, 2009 Stefan Felsner Technische

Orientations of Planar Graphs Doc-Course Bellaterra March 11, 2009 Stefan Felsner Technische Universit at Berlin felsner@math.tu-berlin.de Topics -Orientations Sample Applications Counting I: Bounds Counting II: Exact Lattices

801 views • 79 slides
Th The Boll ll Weevil vil In 1892 a great deal of attention both national and local was

Th The Boll ll Weevil vil In 1892 a great deal of attention both national and local was

Th The Boll ll Weevil vil In 1892 a great deal of attention both national and local was focused on the South when the boll weevil arrived in the US from Mexico. This insect pest started to attack the cotton fields of Texas, wiping out

497 views • 38 slides
Sequence Data Continuous Aggregates Distance-based sampling Transformation-based

Sequence Data Continuous Aggregates Distance-based sampling Transformation-based

Sequence Data Continuous Aggregates Distance-based sampling Transformation-based Model-based filtering and sampling Frequent sequential patterns CS573 Data Privacy and Security Differential Privacy Sequence Data Li Xiong

595 views • 41 slides
Extending Cloud Foundry with new Services #cloudcredo #cloudfoundry 4832 Roadmap What is

Extending Cloud Foundry with new Services #cloudcredo #cloudfoundry 4832 Roadmap What is

Extending Cloud Foundry with new Services #cloudcredo #cloudfoundry 4832 Roadmap What is Cloud Foundry? Why would I want one? Your PaaS should be hackable Extending with new Services The Future 4832 Why Cloud

452 views • 27 slides
Peer Review Professional Development of Academic Teaching Staff in the Netherlands Setting a

Peer Review Professional Development of Academic Teaching Staff in the Netherlands Setting a

Peer Review Professional Development of Academic Teaching Staff in the Netherlands Setting a benchmark for further improvements Riekje de Jong Jaap Mulder Impression peer review conference in the Netherlands, June 2017 Structure

558 views • 20 slides

More recommend