the web of confusion
play

The Web of Confusion Douglas Crockford Yahoo! Inc. - PowerPoint PPT Presentation

Apr 22, 2023 •190 likes •585 views

The Web of Confusion Douglas Crockford Yahoo! Inc. http://crockford.com/codecamp/confusion.ppt Web 2.0 Security and Privacy The problems started in 1995. We have made no progress on the fundamental problems since then. Will the web ever

  1. The Web of Confusion Douglas Crockford Yahoo! Inc. http://crockford.com/codecamp/confusion.ppt

  2. Web 2.0 Security and Privacy The problems started in 1995. We have made no progress on the fundamental problems since then.

  3. Will the web ever reach the Threshold of Goodenoughness? + Discovery of vulnerabilities leads to corrections. + If the rate at which correcting vulnerabilities introduces new vulnerabilities, eventually goodenoughness should be achieved. - Adding new features tends to introduce vulnerabilities at a higher rate: Unintended consequences. - If the fundamental assumptions are faulty, incremental correction never converges onto goodenoughness.

  4. We are compiling an evergrowing corpus of hazards.

  6. Perfection is not an option. It is unreasonable to require developers to have an adequate understanding of the current model.

  7. Is the web too big to fail?

  8. The web came closer to getting it right than everything else.

  9. But first: What goes wrong?

  10. The Standard Mistake "We will add security in 2.0."

  11. The Itty Bitty -ity Committee Quality Modularity Reliability Maintainability Security

  12. Confusion of Cryptography and Security. Digital Living Room

  13. Confusion of Identity and Authority.

  14. Blame the Victim

  15. Confusion of Interest

  16. Confusion of Interest System Mode Computer

  17. Confusion of Interest System Mode User System

  18. Confusion of Interest System Mode User User User System

  19. Confusion of Interest System Mode CP/M MS-DOS MacOS Windows

  20. The system cannot distinguish between the interests of the user and the interests of the program. This mostly works when software is expensive and intentionally installed.

  21. It is not unusual for the purpose or use or scope of software to change over its life. Rarely are the security properties of software systems reexamined in the context of new or evolving missions. This leads to insecure systems.

  22. On the web we have casual, promiscuous, automatic, unintentional installation of programs. The interests of the user and of the program must be distinguished.

  23. The browser successfully distinguishes the interests of the user and the interests of the program.

  24. Confusion of Interest The browser is a significant improvement, able to distinguish the interests of users and sites (usually). System Mode Site Site Site User Browser

  25. But within a page, interests are confused. An ad or a widget or an Ajax library gets the same rights as the site's own scripts.

  26. Turducken

  27. This is not a Web 2.0 problem. All of these problems came with Netscape 2 in 1995.

  28. We are mashing things up. There are many more interested parties represented in the page.

  29. A mashup is a self-inflicted XSS attack. (Advertising is a mashup.)

  30. JavaScript got close to getting it right. A secure dialect is obtainable. ADsafe and Caja leading the way.

  31. ADsafe A system for safe web advertising. http://www.ADsafe.org/

  32. ADsafe • ADsafe is a JavaScript subset that adds capability discipline by deleting features that cause capability leakage. • No global variables or functions may be defined. • No global variables or functions can be accessed except the ADSAFE object. • These words cannot be used: apply arguments call callee caller constructor eval prototype unwatch valueOf watch • Words starting with _ cannot be used. • Use of the [] subscript operator is restricted.

  33. ADsafe DOM Interface • Light weight. • Query-oriented. • Scope of queries is strictly limited to the contents of a widget's <div> . • Guest code cannot get direct access to any DOM node.

  34. The DOM is much less close • But the Ajax libraries are converging on a much better API. • We need to replace the DOM with something that is more portable, more rational, more modular, and safer. • We need to replace the DOM with something that is less complicated, less exceptional, less grotesque.

  35. W3C is moving in the opposite direction HTML5 needs to be reset. Or W3C needs to be abolished.

  36. We need a new security model: Object Capabilities. Robust Composition , Mark Miller http://erights.org/talks/thesis/

  37. Cooperation under mutual suspicion.

  38. We have gone as far as we can go on luck and good intentions. We need, at very long last, to get it right.

  39. Doing this will be very hard. Not doing this will be even harder.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pedestrian Pedestrian Pedestrian C Pedestrian C C Crossing confusion rossing confusion

Pedestrian Pedestrian Pedestrian C Pedestrian C C Crossing confusion rossing confusion

Pedestrian Pedestrian Pedestrian C Pedestrian C C Crossing confusion rossing confusion rossing confusion rossing confusion Bevan Woodward Transport Planner Whats happening overseas in countries with far better road safer and higher

312 views • 27 slides
Trademark Law as to source) (are these forms of irrelevant confusion?): Prof. Madison 1.

Trademark Law as to source) (are these forms of irrelevant confusion?): Prof. Madison 1.

Creative confusion theories (other than confusion Trademark Law as to source) (are these forms of irrelevant confusion?): Prof. Madison 1. Initial interest confusion: The defendants (junior) use of the mark attracts consumers to

431 views • 5 slides
Trademark and Unfair Competition Law Slides 19: Surveys &amp; More Confusion LAWS 7341-001

Trademark and Unfair Competition Law Slides 19: Surveys &amp; More Confusion LAWS 7341-001

Trademark and Unfair Competition Law Slides 19: Surveys &amp; More Confusion LAWS 7341-001 Prof. Kristelia Garca Class Outline Consumer Surveys For/Against Confusion Different Types of Confusion: Palming/Passing Off

258 views • 24 slides
LEARNING Outline Confusion Matrix F1 Score Gain and Lift Charts Kolmogorov Smirnov

LEARNING Outline Confusion Matrix F1 Score Gain and Lift Charts Kolmogorov Smirnov

Measuring Performance CSCI 447/547 MACHINE LEARNING Outline Confusion Matrix F1 Score Gain and Lift Charts Kolmogorov Smirnov Chart ROC / AUC Regression Metrics Kappa Statistic Confusion Matrix Confusion Matrix

357 views • 11 slides
Stark Law Stark Law Stark Law Stark Law Making the Confusion Understandable Making the

Stark Law Stark Law Stark Law Stark Law Making the Confusion Understandable Making the

Stark Law Stark Law Stark Law Stark Law Making the Confusion Understandable Making the Confusion Understandable Robert A. Wade Partner Krieg DeVault LLP 4101 Edison Lakes Parkway, Suite 100 Mishawaka, IN 46545 Telephone: 574-485-2002

1.17k views • 112 slides
Trademark Confusion: Proving or Defending Against Infringement Addressing Forward, Reverse,

Trademark Confusion: Proving or Defending Against Infringement Addressing Forward, Reverse,

Presenting a live 90-minute webinar with interactive Q&amp;A Trademark Confusion: Proving or Defending Against Infringement Addressing Forward, Reverse, Initial Interest, Post-Sale and Affiliation Confusion Challenges THURSDAY, JUNE 6, 2013 1pm

1.29k views • 104 slides
Trademark Confusion: Proving or Defending Against Infringement Addressing Forward, Reverse,

Trademark Confusion: Proving or Defending Against Infringement Addressing Forward, Reverse,

Presenting a live 90-minute webinar with interactive Q&amp;A Trademark Confusion: Proving or Defending Against Infringement Addressing Forward, Reverse, Initial Interest, Post-Sale and Affiliation Confusion Challenges THURSDAY, MAY 22, 2014 1pm

1.1k views • 108 slides
Diffusion and Confusion Two properties that a good cryptosystem should have: Diffusion: change of

Diffusion and Confusion Two properties that a good cryptosystem should have: Diffusion: change of

Diffusion and Confusion Two properties that a good cryptosystem should have: Diffusion: change of one character in the plaintext results in several characters changed in the ciphertext Confusion: the key does not relate in a simple way to the

512 views • 6 slides
Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer,

Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer,

Class Website CX4242: Visualization for Classification ROC, AUC, Confusion Matrix Mahdi Roozbahani Lecturer, Computational Science and Engineering, Georgia Tech Visualizing Classification Performance Confusion matrix

147 views • 13 slides
Trademark and Unfair Competition Law Slides 18: Confusion-Based Infringement LAWS 7341-001

Trademark and Unfair Competition Law Slides 18: Confusion-Based Infringement LAWS 7341-001

Trademark and Unfair Competition Law Slides 18: Confusion-Based Infringement LAWS 7341-001 Prof. Kristelia Garca Class Outline Likelihood of Confusion Polaroid factors 2 To make a successful claim of trademark infringement, you

369 views • 13 slides
Prevalence of Confusing Code in Software Projects Atoms of Confusion in the Wild Dan Gopstein

Prevalence of Confusing Code in Software Projects Atoms of Confusion in the Wild Dan Gopstein

Prevalence of Confusing Code in Software Projects Atoms of Confusion in the Wild Dan Gopstein NYU Hongwei Henry Zhou, Phyllis Frankl, Justin Cappos AtomsOfConfusion.com 1 Atoms of Confusion in the Wild if ((err =

834 views • 50 slides
Shannons Idea of Confusion and Diffusion The DES, AES and many block ciphers are designed

Shannons Idea of Confusion and Diffusion The DES, AES and many block ciphers are designed

Shannons Idea of Confusion and Diffusion The DES, AES and many block ciphers are designed using Shannons idea of confusion and diffusion. The objectives of this document is to introduce linear and nonlinear functions; and

451 views • 11 slides
Type Confusion: Discovery, Abuse, Protection Mathias Payer, @gannimo http://hexhive.github.io

Type Confusion: Discovery, Abuse, Protection Mathias Payer, @gannimo http://hexhive.github.io

Type Confusion: Discovery, Abuse, Protection Mathias Payer, @gannimo http://hexhive.github.io Type confusion leads to RCE https://en.wikipedia.org/wiki/Pwn2Own Attack surface is huge Google Chrome: 76 MLoC Gnome: 8.6 MLoC Xorg:

676 views • 36 slides
Type Confusion: Discovery, Abuse, Protection Mathias Payer, @gannimo http://hexhive.github.io

Type Confusion: Discovery, Abuse, Protection Mathias Payer, @gannimo http://hexhive.github.io

Type Confusion: Discovery, Abuse, Protection Mathias Payer, @gannimo http://hexhive.github.io Type confusion leads to RCE Attack surface is huge Google Chrome: 76 MLoC Gnome: 9 MLoC Xorg: 1 MLoC glibc: 2 MLoC Linux

684 views • 43 slides
Indifferentiability of Confusion- Diffusion Networks Yevgeniy Dodis (NYU), Martijn Stam

Indifferentiability of Confusion- Diffusion Networks Yevgeniy Dodis (NYU), Martijn Stam

Indifferentiability of Confusion- Diffusion Networks Yevgeniy Dodis (NYU), Martijn Stam (Bristol), John Steinberger (Tsinghua), Tianren Liu (MIT) Wednesday, May 11, 16 Indifferentiability of Confusion- Diffusion Networks Yevgeniy Dodis (NYU),

1.23k views • 77 slides
Confusion and Old Age: A Practical Approach to Diagnosis and Management DR. SHAH MD, MPH

Confusion and Old Age: A Practical Approach to Diagnosis and Management DR. SHAH MD, MPH

Confusion and Old Age: A Practical Approach to Diagnosis and Management DR. SHAH MD, MPH DIRECTOR OF PALLIATIVE CARE BROADLAWNS MEDICAL CENTER Relevant to the content of this educational activity, I do not have any relationships with

1.07k views • 83 slides
The Future of JavaScript I mean ECMAScript Douglas Crockford Yahoo! Welcome to the Future!

The Future of JavaScript I mean ECMAScript Douglas Crockford Yahoo! Welcome to the Future!

The Future of JavaScript I mean ECMAScript Douglas Crockford Yahoo! Welcome to the Future! Such as it is. The Worlds Most Popular Programming Language The Worlds Most Popular Programming Language The Worlds Most Unpopular

716 views • 58 slides
Gulfstream Staged Sta4c Analysis for Streaming JavaScript Applica4ons

Gulfstream Staged Sta4c Analysis for Streaming JavaScript Applica4ons

Gulfstream Staged Sta4c Analysis for Streaming JavaScript Applica4ons Salvatore Guarnieri Ben Livshits University of Washington Microso3 Research Web applica4on

661 views • 27 slides
ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides

ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides

ADsafety Type-based Verification of JavaScript Sandboxing Joe Gibbs Politz Spiridon Aristides Eliopoulos Arjun Guha Shriram Krishnamurthi 1 2 3 third-party ad third-party ad 4 Who is running code in your browser? 5 Who is running

1.26k views • 95 slides
Analysing Object-Capability Security Toby Murray Oxford University Computing Laboratory

Analysing Object-Capability Security Toby Murray Oxford University Computing Laboratory

Analysing Object-Capability Security 01 Analysing Object-Capability Security Toby Murray Oxford University Computing Laboratory Analysing Object-Capability Security 02 Cooperation and Vulnerability Much of the power and utility of modern

542 views • 50 slides
JavaScript Security: Lets Fix It Brendan Eich CTO, Mozilla Corporation (We could bundle it)

JavaScript Security: Lets Fix It Brendan Eich CTO, Mozilla Corporation (We could bundle it)

JavaScript Security: Lets Fix It Brendan Eich CTO, Mozilla Corporation (We could bundle it) bugs to fix &lt;script&gt; injection: perl.com pr0n.com (http://radar.oreilly.com/2008/01/dangers-of-remote-javascript.html) lure.org

345 views • 17 slides
A Widely Used Machine Translation Service and its Migration to a Free/Open-Source Solution: the

A Widely Used Machine Translation Service and its Migration to a Free/Open-Source Solution: the

A Widely Used Machine Translation Service and its Migration to a Free/Open-Source Solution: the Case of Softcatal Xavier Ivars-Ribes Victor M. Snchez-Cartagena II FreeRBMT (Barcelona) January 21, 2011 Table of Contents Brief History of

417 views • 23 slides
Verify what? Navigating the Attack Surface Mark S. Miller, Google Formal Methods meets JavaScript

Verify what? Navigating the Attack Surface Mark S. Miller, Google Formal Methods meets JavaScript

Verify what? Navigating the Attack Surface Mark S. Miller, Google Formal Methods meets JavaScript Imperial College, March 2018 Risk as Attack Surface a Expected Risk: likelihood * damage Potential damage Likelihood of exploitable

592 views • 48 slides
Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer

Isolation problem for Web Mashups Formal definition of Capability Safe languages Solving the Isolation problem using Capabilit Object Capabilities and Isolation of Untrusted Web Applications Ankur Taly Dept. of Computer Science, Stanford

1.01k views • 43 slides

More recommend