Presentation is loading. Please wait.

Presentation is loading. Please wait.

IBM Research © 2006 IBM Corporation Mashup Component Isolation via Server-Side Analysis and Instrumentation K. Vikram / Cornell University Michael Steiner/

Published byAlexandra Parrish Modified over 11 years ago

Similar presentations

Presentation on theme: "IBM Research © 2006 IBM Corporation Mashup Component Isolation via Server-Side Analysis and Instrumentation K. Vikram / Cornell University Michael Steiner/"— Presentation transcript:

1 IBM Research © 2006 IBM Corporation Mashup Component Isolation via Server-Side Analysis and Instrumentation K. Vikram / Cornell University Michael Steiner/ IBM T.J. Watson Research Center

2 Research © 2006 IBM Corporation

3 Research © 2006 IBM Corporation Ways of Interference.. JavaScript –DOM objects & events, library and runtime objects, … HTML –Split/wrap attack,, … Credentials –CSRF, … UI –Phishing ….

4 Research © 2006 IBM Corporation Needed: Isolation Isolated & authentifiable component as foundation –Fine-granular Same-origin does not really cut it …. –Isolate & hide DOM sub tree JS sub-namespace & browser resources (cookies) –Limited component-authenticated back-end communication Data-services only Component-to-component communication built on top –Async & restricted type (JSON) –Information-hiding useful for aspects other than security …

5 Research © 2006 IBM Corporation Our Approach Mashup Server c2c2 c1c1 U1U1 Browser c1c1 c2c2 HTTP Aggregator

6 Research © 2006 IBM Corporation Our Approach Mashup Server Tagger Static Analyzer Rewriter c2c2 c1c1 U1U1 Browser c1c1 c2c2 HTTP Aggregator Unmodified

7 Research © 2006 IBM Corporation Close-up on Tagger Checks syntactic constraints on HTML Checks well-formedness of Javascript Wraps up markup within a DIV element, call it root(domain) Marks component domain boundaries

8 Research © 2006 IBM Corporation Close-up on Analyzer Models the HTML as Javascript objects Model host objects and library code as global Javascript objects with their own domain Uses the IBM CAPA/DOMO framework for static analysis Produces a call graph, with SSA instructions

9 Research © 2006 IBM Corporation Close-up on Analyzer Restricting Tree-Walking Maintaining HTML consistency invariants Maintaining Integrity of Data/Code SystemAnalysis Component 1 Component 2 Component 3 Information Flow Lattice for Integrity CG: Call Graph PS(x): Points-to Set of x domain(x): domain in which x was defined isValidChild(y,x): true iff y is allowed to be a child of x by the HTML DTD I CG.[y = x.parentNode] PS(y) PS(root(domain(this)).parentNode) = I CG.[ y := x ] domain(y) domain(x) I CG.[ x.insertChild(y) ] isValidChild(y,x)

10 Research © 2006 IBM Corporation Close-up on Rewriter Namespace isolation –using unique prefixes and rewriting Statically undecidable steps –E.g. Tree-walking Component credentials –for back-end communication Rewriting system objects to local images – document to root(context(this))

11 Research © 2006 IBM Corporation Challenges Restricted Programming Model –Banned: eval & friends; modification of system objects; flash, java, … –No ``real limitation in expressitivity … –… but standards go in opposite direction? against ``nature? While mostly good convenient programming practice, sometimes very inconvenient! tool/framework support needed! Tamper-resistance –Browser evolution, extensions, proxy/server, … Usual arms race? Performance Considerations –Analysis of generating code (JSP) –Certification/proof-carrying code Safe higher-level programming language, e.g., GWT meets SIF?

12 Research © 2006 IBM Corporation Related Work JavaScript security: –Anupam et al, UXSEC98 & USITS99. Static analysis/rewriting –JavaScript: Reis et al, OSDI06; Yu et al, POPL07. –Lots of work for other language & environment (e.g., IRM for Java, Singularity on OS level, …) Browser modifications –Jim et al, WWW07; Erlingsson et al, HotOS07. –Vogt et al, NDSS07. –Multi-domain Browser-OS: Cox et al, S&P 2006.

13 IBM Research © 2006 IBM Corporation BACKUP

14 Research © 2006 IBM Corporation

15 Research © 2006 IBM Corporation

16 Research © 2006 IBM Corporation

17 Research © 2006 IBM Corporation Outline Abstract Model The Browser –DOM + JavaScript Classes of Attacks Solution Scheme –The Tagger/Analyzer/Rewriter Conclusions

18 Research © 2006 IBM Corporation More about Portals P2P2 P1P1 Portal Server U1U1 U2U2 Browser P1P1 P2P2 P1P1 P2P2 JSR/WSRP HTTP Other Server Other page

19 Research © 2006 IBM Corporation Current State of Security P2P2 P1P1 Portal Server U1U1 U2U2 Browser P1P1 P2P2 P1P1 P2P2 Other Server

20 Research © 2006 IBM Corporation Current State of Security P2P2 P1P1 Portal Server U1U1 U2U2 Browser P1P1 P2P2 P1P1 P2P2 SSL Authentication and Roles Other Server Same Origin

21 Research © 2006 IBM Corporation Current State of Security P2P2 P1P1 Portal Server U1U1 U2U2 Browser P1P1 P2P2 P1P1 P2P2 Other Server Same Origin Authentication and Roles SSL

22 Research © 2006 IBM Corporation Simple Attacks Username: Password: function check() { … } function check() { … } P1P1 P2P2 P2P2 Portal Markup

23 Research © 2006 IBM Corporation Simple Attacks Username: Password: function check() { … } function check() { … } P1P1 P2P2 P2P2 Portal Markup

24 Research © 2006 IBM Corporation Simple Attacks Username: Password: function check() { … } function check() { … } P1P1 P2P2 P2P2 Portal Markup

25 Research © 2006 IBM Corporation Username: Password: function check() { … } Simple Attacks function check() { … } P1P1 P2P2 P2P2 Portal Markup

26 Research © 2006 IBM Corporation Our Model P2P2 P1P1 Portal Server U1U1 Browser P1P1 P2P2 U2U2 P1P1 P2P2

27 Research © 2006 IBM Corporation Portlet Isolation P2P2 P1P1 Portal Server U1U1 Browser P1P1 P2P2 Isolation Boundary

28 Research © 2006 IBM Corporation The Ubiquitous Browser Browser P1P1 P2P2 var counter=2; function sub(fm) { var qstring = document.f.name1.value + " " + document.f.conf1.value + " restaurant "; document.f.q.value = qstring; var then = new Date; alert("You took " + ((then.getTime()-t1)/1000) + " seconds to submit your preferences."); return 1; } function createLinkElem(target, str) { var moveElem = document.createElement("TD"); moveElem.appendChild(createLink(target, str)); return moveElem; } function createLink(target,str) { var fnt = document.createElement("FONT"); fnt.setAttribute("size","-1"); fnt.appendChild(document.createTextNode(str)); var lnk = document.createElement("A"); lnk.setAttribute("href","#"); lnk.setAttribute("onclick",target); alert("set" + lnk.onclick); lnk.appendChild(fnt); return lnk; } var now=new Date,t1=0; t1=now.getTime(); this.agt = navigator.userAgent.toLowerCase(); this.ie = (this.agt.indexOf("msie") != -1); if(this.ie) { document.write(" Sorry, we do not support Internet Explorer"); document.close(); } else { document.write(" We applaud your taste in browsers!"); } P1P1 P2P2 JavaScript Weakly typed Prototype based Dynamically modifiable

29 Research © 2006 IBM Corporation The Ubiquitous Browser Browser P1P1 P2P2 var counter=2; function sub(fm) { var qstring = document.f.name1.value + " " + document.f.conf1.value + " restaurant "; document.f.q.value = qstring; var then = new Date; alert("You took " + ((then.getTime()-t1)/1000) + " seconds to submit your preferences."); return 1; } function createLinkElem(target, str) { var moveElem = document.createElement("TD"); moveElem.appendChild(createLink(target, str)); return moveElem; } DOM Interface function createLink(target,str) { var fnt = document.createElement("FONT"); fnt.setAttribute("size","-1"); fnt.appendChild(document.createTextNode(str)); var lnk = document.createElement("A"); lnk.setAttribute("href","#"); lnk.setAttribute("onclick",target); alert("set" + lnk.onclick); lnk.appendChild(fnt); return lnk; } var now=new Date,t1=0; t1=now.getTime(); this.agt = navigator.userAgent.toLowerCase(); this.ie = (this.agt.indexOf("msie") != -1); if(this.ie) { document.write(" Sorry, we do not support Internet Explorer"); document.close(); } else { document.write(" We applaud your taste in browsers!"); } P1P1 P1P1 P2P2 P2P2 Create and add nodes Modify node/ attributes Restructure document Lookup node/ Read information Isolation Domain DOM (Document Object Model)

30 Research © 2006 IBM Corporation The Ubiquitous Browser Browser P1P1 P2P2

31 Research © 2006 IBM Corporation The Ubiquitous Browser Browser P1P1 P2P2 var counter=2; function sub(fm) { var qstring = document.f.name1.value + " " + document.f.conf1.value + " restaurant "; document.f.q.value = qstring; var then = new Date; alert("You took " + ((then.getTime()-t1)/1000) + " seconds to submit your preferences."); return 1; } function createLinkElem(target, str) { var moveElem = document.createElement("TD"); moveElem.appendChild(createLink(target, str)); return moveElem; } DOM Interface function createLink(target,str) { var fnt = document.createElement("FONT"); fnt.setAttribute("size","-1"); fnt.appendChild(document.createTextNode(str)); var lnk = document.createElement("A"); lnk.setAttribute("href","#"); lnk.setAttribute("onclick",target); alert("set" + lnk.onclick); lnk.appendChild(fnt); return lnk; } var now=new Date,t1=0; t1=now.getTime(); this.agt = navigator.userAgent.toLowerCase(); this.ie = (this.agt.indexOf("msie") != -1); if(this.ie) { document.write(" Sorry, we do not support Internet Explorer"); document.close(); } else { document.write(" We applaud your taste in browsers!"); } P1P1 P1P1 P2P2 P2P2 Create and add nodes Modify node/ attributes Restructure document Lookup node/ Read information Isolation Domain

32 Research © 2006 IBM Corporation Taxonomy of Attacks Underspecified Semantics –FORM Wrapping, BASE, … Shared Runtime –Language: Prototypes, namespace –Libraries: Math, String, … Shared DOM Tree –Walk the tree, names, … –Event Space –Access keys, Tab Index Shared Host –Environment Objects: Navigator, location, window, top, history –Layout Engine: STYLE, Absolute lengths, … –Cookies Shared Portal Markup Code (HTML + JS) –Utility functions

33 Research © 2006 IBM Corporation Taxonomy of Attacks Underspecified Semantics –FORM Wrapping, BASE, … Shared Layout Engine –STYLE, Absolute lengths, … Shared DOM Tree –Walk the tree, names, … Shared Portal Markup Code (HTML + JS) –Utility functions Shared Cookie Object

34 Research © 2006 IBM Corporation Taxonomy of Attacks Shared Namespace –Functions, Global Variables, DOM Tree Nodes Shared Host Environment Objects –navigator, location, window, top, history Shared Library Code –Math, String Shared Language Runtime –Prototypes Shared Event Space –Access keys, Tab Index

35 Research © 2006 IBM Corporation

Download ppt "IBM Research © 2006 IBM Corporation Mashup Component Isolation via Server-Side Analysis and Instrumentation K. Vikram / Cornell University Michael Steiner/"

Similar presentations

Ben Livshits and Úlfar Erlingsson Microsoft Research.

Ben Livshits and Úlfar Erlingsson Microsoft Research.
JavaScript & jQuery JavaScript and jQuery introduction.

JavaScript & jQuery JavaScript and jQuery introduction.
JavaScript and AJAX Jonathan Foss University of Warwick

JavaScript and AJAX Jonathan Foss University of Warwick
Intro to JavaScript. JavaScript History Client (generally browser-side) language invented at Netscape under the name LiveScript around 1995 Netscape wanted.

Intro to JavaScript. JavaScript History Client (generally browser-side) language invented at Netscape under the name LiveScript around 1995 Netscape wanted.
JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.
Programming Club IIT Kanpur. Work environment Before you begin coding,always set up your work environment to your needs IDE Notepad++ Sublime Text 2.

Programming Club IIT Kanpur. Work environment Before you begin coding,always set up your work environment to your needs IDE Notepad++ Sublime Text 2.
JavaScript and the DOM Les Carr COMP3001 Les Carr COMP3001.

JavaScript and the DOM Les Carr COMP3001 Les Carr COMP3001.
0 The Past, Present and Future of XSS Defense Jim Manico 2011 OWASP Brussels.

0 The Past, Present and Future of XSS Defense Jim Manico 2011 OWASP Brussels.
JavaScript Part 6. Calling JavaScript functions on an event JavaScript doesn’t have a main function like other programming languages but we can imitate.

JavaScript Part 6. Calling JavaScript functions on an event JavaScript doesn’t have a main function like other programming languages but we can imitate.
Document Object Model (DOM) JavaScript manipulation of the DOM.

Document Object Model (DOM) JavaScript manipulation of the DOM.
1 CSC 551: Web Programming Spring 2004 client-side programming with JavaScript  scripts vs. programs  JavaScript vs. JScript vs. VBScript  common tasks.

1 CSC 551: Web Programming Spring 2004 client-side programming with JavaScript  scripts vs. programs  JavaScript vs. JScript vs. VBScript  common tasks.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.

Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
Vaibhav Rastogi and Yi Yang.  Web 2.0 – rich applications  A website hosts content it may not be responsible for  Third party gadgets  Third party.

Vaibhav Rastogi and Yi Yang.  Web 2.0 – rich applications  A website hosts content it may not be responsible for  Third party gadgets  Third party.
Lesson 4: Web Browsing.

Lesson 4: Web Browsing.
® IBM Software Group © 2007 IBM Corporation Accessible Rich Internet Applications and Online Services Rich Schwerdtfeger IBM Distinguished Engineer, Chair.

® IBM Software Group © 2007 IBM Corporation Accessible Rich Internet Applications and Online Services Rich Schwerdtfeger IBM Distinguished Engineer, Chair.
© 2007 IBM Corporation IBM Emerging Technologies Enabling an Accessible Web 2.0 Becky Gibson Web Accessibility Architect.

© 2007 IBM Corporation IBM Emerging Technologies Enabling an Accessible Web 2.0 Becky Gibson Web Accessibility Architect.
شهره کاظمی 1 آزمايشکاه سيستم های هوشمند (http://ce.aut.ac.ir/islab) A Simple Definition of Portal Shohreh kazemi 84131065.

شهره کاظمی 1 آزمايشکاه سيستم های هوشمند ( A Simple Definition of Portal Shohreh kazemi
 2008 Pearson Education, Inc. All rights reserved. 1 12 Document Object Model (DOM): Objects and Collections.

 2008 Pearson Education, Inc. All rights reserved Document Object Model (DOM): Objects and Collections.

Similar presentations

Ads by Google