Presentation is loading. Please wait.

Presentation is loading. Please wait.

Update on MIT-LL Integration Bill Harris and Rich Joiner.

Published byEvelyn Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "Update on MIT-LL Integration Bill Harris and Rich Joiner."— Presentation transcript:

1 Update on MIT-LL Integration Bill Harris and Rich Joiner

2 Schedule: JAM Deliverables: ◦ Policy for Secure Note application ◦ JAM weaver ◦ Chrome browser modified for enforcement Weaver/policy delivery planned for 9/3. Enforcement delivery planned for 9/10.

3 Application: Secure Note Written by MIT-LL crew Code comprises ◦ SNote application logic ◦ Midori UI library ◦ Google AES encryption library http://snote/SNoteSwindler.html

4 Policy Read-only, write-once for display elements Write-only, read-once for input elements

5 Policy state machine a: set(%x.textContent) && %x.className === “non-editable” 0 1 f: set(%x.textContent) && %x.className === “read-only” b: set(%x.innerHTML) && %x.className === “non-editable” e: set(%x.textContent) && %x.className === “read-only” c: get(%x.textContent) && %x.className === “destructive-read” h: get(%x.textContent) && %x.className === “write-only” d: get(%x.innerHTML) && %x.className === “destructive-read” g: get(%x.textContent) && %x.className === “write-only” 2 a|b e|f|g|h c|d

6 Policy specification 0,2: set(%x.textContent) && %x.className === "non-editable" 2,-1: set(%x.innerHTML) && %x.className === "non-editable" 0,2: set(%x.innerHTML) && %x.className === "non-editable" 2,-1: set(%x.textContent) && %x.className === "non-editable" 0,-1: set(%x.innerHTML) && %x.className === "read-only“ 0,-1: set(%x.textContent) && %x.className === "read-only" 0,1: get(%x.textContent) && %x.className === "destructive-read" 1,-1: get(%x.textContent) && %x.className === "destructive-read" 0,1: get(%x.innerHTML) && %x.className === "destructive-read" 1,-1: get(%x.innerHTML) && %x.className === "destructive-read" 0,-1: get(%x.textContent) && %x.className === "write-only" 0,-1: get(%x.innerHTML) && %x.className === "write-only"

7 JAM Weaver To be delivered as a virtual machine image ◦ Compiled JAM binaries ◦ Test cases ◦ Script to download and install dependencies ◦ Documentation  Policy specification language  General usage  Current limitations

8

9 Enforcement Checks are evaluated at runtime in an isolated forked process JavaScript native functions added to trigger the fork and evaluate policy predicates To be delivered as a stand-alone Chrome binary built on FreeBSD 9.

10

11 CapWeave in the CRASH System 1. Overview of CapWeave usage 2. Sketch of our approach 3. Discuss deliverables, requirements

12

13

14

15 CapWeave Usage CRASH server generates web content by running php scripts CRASH team defines policy for all php scripts CRASH team applies CapWeave to rewrite php interpreter to enforce policy

16 php workflow php filesystem web_script.cgi web content

17 php Requirements 1. Whitelist of system libs: read-only 2. php, MediaWiki config. files: read-only 3. MediaWiki php scripts: read-only 4. MediaWiki skin files: read-only 5. Scratch directories (e.g., /tmp): read- write 6. Sockets to database server: read-write

18 CapWeave in the CRASH System 1. Overview of CapWeave usage 2. Sketch of our approach 3. Discuss deliverables, requirements

19 UW Challenges 1. Express requirements in policy language 2. Rewrite/weave the php to satisfy the policy

20 int shim_open(char* path, int mode) { int fd = open(path, mode); if (sat_req_1(path)) { cw_act(0); } if (sat_req_2(path)) { … } return fd; } A Shim for open()

21 Requirement 1 Policy (* requirement 1 policy: *) let not_fd_read = … in any_act*. (cw_act 0). (any_prog_act with not_fd_read)

22 int shim_open(char* path, int mode) { int fd = open(path, mode); if (sat_req_1(path)) { cw_act(0); lc_limitfd(fd, CAP_READ); } if (sat_req_2(path)) { … } return fd; } A Weaved shim_open()

23 CapWeave in the CRASH System 1. Overview of CapWeave usage 2. Sketch of our approach 3. Discuss deliverables, requirements

24 Requirements Decision functions for each requirement E.g.: ◦ int is_whitelist_sys_lib(char* path) ◦ int is_mediawiki_config(char* path)

25 Deliverables Policy regex text file Capsicum 9 VMWare image with weaved php ◦ Capsicum team recently posted a working Capsicum VMWare image

26 Extra Slides

27

28

29

Download ppt "Update on MIT-LL Integration Bill Harris and Rich Joiner."

Similar presentations

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.
Java Script Session1 INTRODUCTION.

Java Script Session1 INTRODUCTION.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
Test Automation Framework Ashesh Jain 2007EE50403 Manager Amit Maheshwari.

Test Automation Framework Ashesh Jain 2007EE50403 Manager Amit Maheshwari.
Lesson 4: Web Browsing.

Lesson 4: Web Browsing.
INSTALLATION OF WORDPRESS. WORDPRESS WordPress is an open source CMS, often used as a blog publishing application powered by PHP and MySQL. It has many.

INSTALLATION OF WORDPRESS. WORDPRESS WordPress is an open source CMS, often used as a blog publishing application powered by PHP and MySQL. It has many.
Web applications. Javascript. Web 2.0: The dynamic, read-write web UC Santa Cruz CMPS 10 – Introduction to Computer Science www.soe.ucsc.edu/classes/cmps010/Spring11.

Web applications. Javascript. Web 2.0: The dynamic, read-write web UC Santa Cruz CMPS 10 – Introduction to Computer Science
Multiple Tiers in Action

Multiple Tiers in Action
Bending Binary Programs to your Will Rajeev Barua.

Bending Binary Programs to your Will Rajeev Barua.
Reference and Instruction Automated Statistics Gathering and Reporting System Members: Patrick Chen (pyc7) Soo-Yung Cho (sc444) Gregg Herlacher (gah24)

Reference and Instruction Automated Statistics Gathering and Reporting System Members: Patrick Chen (pyc7) Soo-Yung Cho (sc444) Gregg Herlacher (gah24)
4 Copyright © 2004, Oracle. All rights reserved. Creating a Basic Form Module.

4 Copyright © 2004, Oracle. All rights reserved. Creating a Basic Form Module.
Computer Science 101 Web Access to Databases Overview of Web Access to Databases.

Computer Science 101 Web Access to Databases Overview of Web Access to Databases.
Presented by Mina Haratiannezhadi 1.  publishing, editing and modifying content  maintenance  central interface  manage workflows 2.

Presented by Mina Haratiannezhadi 1.  publishing, editing and modifying content  maintenance  central interface  manage workflows 2.
Web Integration to an Appx Backend Server. Unix web servers + CGI Win2K web servers + ASP Win2K web servers + ODBC Processing requests Generating HTML.

Web Integration to an Appx Backend Server. Unix web servers + CGI Win2K web servers + ASP Win2K web servers + ODBC Processing requests Generating HTML.
WHAT IS PHP PHP is an HTML-embedded scripting language primarily used for dynamic Web applications.

WHAT IS PHP PHP is an HTML-embedded scripting language primarily used for dynamic Web applications.
PHP and MySQL Week#1  Course Plan.  Introduction to Dynamic Web Content.  Setting Up Development Server Eng. Mohamed Ahmed Black 1.

PHP and MySQL Week#1  Course Plan.  Introduction to Dynamic Web Content.  Setting Up Development Server Eng. Mohamed Ahmed Black 1.
Overview of JSP Technology. The need of JSP With servlets, it is easy to – Read form data – Read HTTP request headers – Set HTTP status codes and response.

Overview of JSP Technology. The need of JSP With servlets, it is easy to – Read form data – Read HTTP request headers – Set HTTP status codes and response.
DAT602 Database Application Development Lecture 15 Java Server Pages Part 1.

DAT602 Database Application Development Lecture 15 Java Server Pages Part 1.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 13 Slide 1 Application architectures.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 13 Slide 1 Application architectures.
Introduction to Java CSIS 3701: Advanced Object Oriented Programming.

Introduction to Java CSIS 3701: Advanced Object Oriented Programming.

Similar presentations

Ads by Google