Sanzaru: Capability-Based Interactions for Web Applications
Raluca Sauciuc, Shaunak Chatterjee, University of California, Berkeley


Motivation

Limitations of the Single-Origin Policy
- Better suited to the early client-server web architecture with mostly static web content
- The current shift is towards more distributed architectures (e.g. P2P systems) and RIAs
- No fine-grained access control: it is all or nothing

Capabilities are an old and elegant concept, but rarely used in real-world applications
- They combine designation with authorization

More on Capabilities

A capability is a communicable, unforgeable token of authority. It represents a reference to an object along with an associated set of access rights.

Example: int fd = open("/etc/passwd", O_RDWR);
- The file descriptor fd is a capability: its presence in the process's file descriptor table legitimizes access
- Capabilities can be shared or passed around

CS 261: Computer Security, Fall 2008
CS 262A: Advanced Topics in Computer Systems, Fall 2008
http://steppenwolf.cs.berkeley.edu/cs261

Project Objectives

- Overcome the limitations currently imposed on web applications (single-origin policy, local device access, etc.), and accomplish this in a secure manner
- Use capabilities to implement fine-grained access control
- The overall design should be able to accommodate various policies for Access Control List (ACL) management
- Performance optimizations and fault tolerance

Implementation

A Firefox extension (Sanzaru) was implemented to act as the interface between web apps and native devices
- Handles JS library requests (file I/O, network I/O)
- Expresses policies with access control lists
- Generates capabilities based on ACLs

Java applets were chosen as the web applications.

Alternatively, a proxy could have been used instead of the browser extension, but this would have performance limitations.

Architecture Overview

[Figure: Web Apps (Java, JS, Flash etc) talk to a Thin JS library and the Firefox Extension, labelled Trusted Browser Components.]

Schematic for Applet File I/O on Client Machine

[Figure: three panels, each showing the Applet, the Extension, the White-list and the Capabilities table. Panel 1: "Identity + op" sent to the extension. Panel 2: capability Granted or Denied depending on whether a white-list match is found. Panel 3: "Capability-1 + Data" and "Capability-2 + Data" checked against File-1 and File-2, with "Match found" / "No match found".]

Step 1: Transaction Initiation
- An initiation request is sent, carrying the identity of the applet and the intended operation (e.g. read/write)
- The identity of the applet source is checked against the list of friendly sites (White-list DB table)

Step 2: Capability Granted
- The request is denied if the identity is not found
- Otherwise the request is granted: a new capability is created by hashing a random number (hence unforgeable), and a read/write stream is opened on the particular file
- This capability is sent back to the requesting applet as a token of both authorization and designation

Step 3: Capability-enabled Transaction
- A transaction is allowed only if accompanied by a valid capability
- A valid transaction can read or write the file initially requested
- The extension acts as the File Access Control Manager

Related Work

Protection in programming languages
- Information hiding based on abstract data types
- Modular composition to enable local reasoning
- Joe-E: capability-secure subset of Java
- Caja: capability-secure subset of JavaScript

Arrows or monads for secure information flow
- Abstraction of control flow that is statically verifiable

Limitations

Firefox extension APIs impose serialization restrictions on DB access
- Effectively single-threaded access because of SQLite caching

JavaScript is single-threaded
- Synchronous I/O may become a bottleneck
- Solution: a thread pool for I/O in the extension and an asynchronous style ("applet waits for completion event")

Conclusion and Future Work

- Promising first prototype: a step towards the evolution of the browser as the OS for web apps
- Asynchronous I/O and a thread pool in the extension (performance benefits once web apps become I/O bound)
- Handle more usability issues: GUI improvements for policy management, machine learning for white-list maintenance

