By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin...

18
Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense By Adam Barth, Joel Weinberger and Dawn Song

TAGS:

Transcript of By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin...

Page 1: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Cross-Origin JavaScript Capability Leaks: Detection,

Exploitation and DefenseBy Adam Barth, Joel Weinberger and Dawn Song

Page 2: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Current JavaScript Security Model

Cross-Origin JavaScript Capability Leaks

Capability Leak Detection

Browser Defense Mechanism

Overview

Page 3: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

The DOM and Access Control

Page 4: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

The DOM and Access Control

Page 5: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

The JS Engine and Capabilities

Page 6: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

The DOM provides an access control layer

The JavaScript engine treats objects as capabilities

DOM vs JS Engine

Page 7: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Current JavaScript Security Model

Cross-Origin JavaScript Capability Leaks

Capability Leak Detection

Browser Defense Mechanism

Overview

Page 8: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Cross-Context References

Page 9: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Cross-Context References

Page 10: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

DOM meets JS Engine

Page 11: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

DOM meets JS Engine

Page 12: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Current JavaScript Security Model

Cross-Origin JavaScript Capability Leaks

Capability Leak Detection

Browser Defense Mechanism

Overview

Page 13: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

JavaScript Heap Inspection

Page 14: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

In the JavaScript Engine object system

Object creation, destruction and reference

Calls into analysis library

Instrumentation

Page 15: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Computing JavaScript Contexts

Page 16: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Current JavaScript Security Model

Cross-Origin JavaScript Capability Leaks

Capability Leak Detection

Browser Defense Mechanism

Overview

Page 17: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Access Control Checks

Page 18: By Adam Barth, Joel Weinberger and Dawn Song. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection.

Heap Graph Analysis can be used to find vulnerabilities in web browser

Web Browser can provide mechanism to eliminate these vulnerabilities

Heap Graph Tool and Access Control Prototype for WebKit:

Conclusion


Weinberger v. Romero-Barcelo, 456 U.S. 305 (1982)

Weinberger v. Romero-Barcelo, 456 U.S. 305 (1982)

#27 Road Diets – Improving Safety for Everyone - Weinberger

#27 Road Diets – Improving Safety for Everyone - Weinberger

A. J. Weinberger Tips for a Good Talk Alycia J. Weinberger 28 October 2011, updated 2013 and 2014.

A. J. Weinberger Tips for a Good Talk Alycia J. Weinberger 28 October 2011, updated 2013 and 2014.

Joel Weinberger - Neuroscience - 2011

Joel Weinberger - Neuroscience - 2011

Joseph Aaron Weinberger

Joseph Aaron Weinberger

What is JavaScript? Embedding JavaScript with HTML JavaScript conventions Variables in JavaScript

What is JavaScript? Embedding JavaScript with HTML JavaScript conventions Variables in JavaScript

VINT Symposium 2012: Recorded Future | David Weinberger

VINT Symposium 2012: Recorded Future | David Weinberger

Everything is Miscellaneous Weinberger

Everything is Miscellaneous Weinberger

AMY FALK WEINBERGER, M.S.Ed. 5949 Approach Road Sarasota ... · AMY FALK WEINBERGER, M.S.Ed. 5949 Approach Road Sarasota, FL 34238 941.924.6373 amy@thinkingcenter.com Skype: Amy Weinberger

AMY FALK WEINBERGER, M.S.Ed. 5949 Approach Road Sarasota ... · AMY FALK WEINBERGER, M.S.Ed. 5949 Approach Road Sarasota, FL 34238 941.924.6373 [email protected] Skype: Amy Weinberger

Weinberger FirstCourseInPartialDifferentialEquations

Weinberger FirstCourseInPartialDifferentialEquations

Benchley/Weinberger...Benchley-Weinberger Achievement through Communications Magnet VISION: By providing a challenging curriculum and teaching high-level communication skills in a

Benchley/Weinberger...Benchley-Weinberger Achievement through Communications Magnet VISION: By providing a challenging curriculum and teaching high-level communication skills in a

Stan Beckers Simon Weinberger

Stan Beckers Simon Weinberger

Chapter 1: JavaScript Primer · color: JavaScript JavaScript JavaScript src a }

Chapter 1: JavaScript Primer · color: JavaScript JavaScript JavaScript src a }

Weinberger 19 Ways of Looking at Wang Wei

Weinberger 19 Ways of Looking at Wang Wei

Weinberger v. Wiesenfeld, 95 S. Ct. 1225 (1975)

Weinberger v. Wiesenfeld, 95 S. Ct. 1225 (1975)

JavaScript JQuery JavaScript Resources. Resources: JavaScript Guide - MDC Doc Center developer.mozilla.org/en/JavaScript/Guide Mozilla JavaScript Scripting.

JavaScript JQuery JavaScript Resources. Resources: JavaScript Guide - MDC Doc Center developer.mozilla.org/en/JavaScript/Guide Mozilla JavaScript Scripting.

Local Coordinating Council By Jane Weinberger. Seniors’ Resource Center-Evergreen Jane Weinberger, Director.

Local Coordinating Council By Jane Weinberger. Seniors’ Resource Center-Evergreen Jane Weinberger, Director.

Weinberger keynote

Weinberger keynote

Weaving the web weinberger hadas cohen-vaks dan_brunel2010

Weaving the web weinberger hadas cohen-vaks dan_brunel2010

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense