Live Labs Web Sandbox: Securing Mash-Ups, Site Extensibility, And Gadgets
Scott Isaacs, Software Architect, Microsoft Corporation
Dragos Manolescu, Program Manager, Microsoft Corporation
TL29
Agenda
- Web security: overview and history
- Introducing the Web Sandbox
- Kicking the tires
- Getting involved, and lots of demos
How The Web Works
Third-party content is pulled in by pasting the vendor's script tags straight into the page, as this hit-counter snippet from the slide shows; the included script runs with the full authority of the hosting page:
<div id="sitemeter" class="plain"><!--WEBBOT bot="HTMLMarkup" startspan ALT="Site Meter" -->
<script type="text/javascript" language="JavaScript">var site="s15gizmodo"</script>
<script type="text/javascript" language="JavaScript1.2" src="http://s15.sitemeter.com/js/counter.js?site=s15gizmodo"></script>
</div>
Failure Should Not Be An Option
Announcing: Web Sandbox, a Tech Preview
History
- The technology dates back to the 90s
- Started with hit counters (images)
- Transition to affiliate programs
- Web 2.0 mash-ups: low-cost innovation
- Sites want to become "platforms", and all suffer the same fate
A Scary Problem
- Mashing up third-party content: what does this mean for the site? What does this mean for the user? But everyone wants a "partner"
- A challenging environment: only as reliable as the weakest link, and users pay the cost
"This is one of the most damaging problems on the Web" – security expert RSnake
State Of The Art (Before Today)
- Ignore the problem
- IFrame the problem: too much isolation without security (redirects, installers, history, clickjacking, etc.)
- First-generation solutions (FBJS…): a new programming model
- None address Quality of Service (QoS)
Where Do We Need To Go?
- Think outside the box – literally: beyond gadgets
- Site extensibility, a componentization model, richer advertising
- Control the trust model; protect the overall experience
The Opportunity
- Goal: secure Web 2.0, with an industry-wide focus
- ECMA Security Working Group, AdSafe, Caja…: work together to define the standard
- Enter the Live Labs Web Sandbox
Web Sandbox 101
demo
No IFrames were abused…
Architecture 101 – The Big Picture
(Diagram) The Trusted Host requests content, which is untrusted. The Untrusted Content goes through the Transformation Pipeline, which emits Virtualized Code; that code runs under Sandboxed Execution inside the Virtual Machine.
The Browser Challenge
- Support for all modern browsers; no browser extensions required; provides cross-browser consistency
- Why not develop a plug-in? Users must not opt into security; ubiquity versus deployment
Change function: Success = Customer Pain
(Chart: Total Perceived Pain of Adoption)
The Philosophy
- Use the materials in the room: no new APIs or language, no gadget SDK required
Web Sandbox 201
demo
Going Beyond Security
- Standards-based JavaScript: the "good" and "bad" parts; processing model
- Automatic multi-instancing, code throttling, QoS monitoring
Web Sandbox:Graduation
demo
Why Is QoS Hard?
- Lack of isolation; increased surface area
- Testing challenges; unintentional conflicts; no feedback loop
- Single point of failure
Grad School:Infinite Is A Big Number…
demo
The Fine Print
Goal: support 99% of the language (work in progress). Current limitations:
1. HTML must be well-formed
2. document.write
3. JavaScript with statement
4. XML Proxy is not yet enabled
5. Dynamic loading of external scripts
6. Silverlight and Flash support
The Finer Print
- Trade-offs: performance 1.5–4x; an intermediate transformation step; more difficult debugging (?debug=true flag)
- The 1%: API limitations; no arbitrary code "eval"uation (addressable with native support)
Privacy:It’s My History
demo
Architecture 101 – The Big Picture (revisited; the same Trusted Host / Transformation Pipeline / Virtualized Code / Sandboxed Execution diagram as above)
Transformation Pipeline
Untrusted Content → HTML to JSON → CSS to JSON → Transform all Scripts → Package With Script → Ready to Run!
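As an added example (not the Web Sandbox's own transformer), the pipeline steps above in miniature: a scanner for well-formed HTML that emits a JSON tree, pulls `<script>` bodies, inline `on*` handlers, `javascript:` URLs and `<style>` blocks out of the markup, converts the CSS to JSON and packages everything under a content ID. The output shape, the helper names and the sample markup are constructed for illustration. The "Transform all Scripts" stage, which rewrites the JavaScript so that every property access goes through the runtime, is not implemented here; the extracted script is left as text for it. The security point is that the host never parses untrusted markup itself: it receives data, builds the DOM from it, and nothing executable is left inside the markup stage.

```javascript
// Added example (not Web Sandbox code): untrusted HTML -> JSON bundle.
// Markup becomes data the host builds the DOM from; anything executable
// (script bodies, on* handlers, javascript: URLs) is separated out so the
// markup stage never runs code and the script stage can transform it.

const VOID = new Set(["br", "img", "hr", "input", "meta", "link"]);
const RAW_TEXT = new Set(["script", "style"]);
// Assumes well-formed, lowercase tags and no ">" inside attribute values.
const TAG_RE = /<\/?([a-zA-Z][\w-]*)([^>]*)>|([^<]+)/g;
const ATTR_RE = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function parseAttrs(src) {
  const attrs = {};
  ATTR_RE.lastIndex = 0;
  for (let m; (m = ATTR_RE.exec(src)) !== null; ) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Parse well-formed HTML (the deck's precondition) into {tree, css, scripts}.
// Entities are left encoded; the renderer decodes them when it sets text.
function htmlToJson(html) {
  const root = { tag: "#root", attrs: {}, children: [] };
  const stack = [root];
  const scripts = [];
  let css = "";
  TAG_RE.lastIndex = 0;
  for (let m; (m = TAG_RE.exec(html)) !== null; ) {
    const [raw, name, rest, text] = m;
    const top = stack[stack.length - 1];
    if (text !== undefined) {
      if (text.trim() !== "") top.children.push(text);
      continue;
    }
    const tag = name.toLowerCase();
    if (raw.startsWith("</")) {
      if (top.tag !== tag) throw new Error(`malformed HTML: </${tag}> closes <${top.tag}>`);
      stack.pop();
      continue;
    }
    const node = { tag, attrs: parseAttrs(rest), children: [] };
    if (RAW_TEXT.has(tag)) {
      // Raw-text elements: take the body verbatim up to the matching end tag,
      // so a "<" inside script source does not confuse the tag scanner.
      const close = `</${tag}>`;
      const end = html.indexOf(close, TAG_RE.lastIndex);
      if (end < 0) throw new Error(`malformed HTML: unclosed <${tag}>`);
      const body = html.slice(TAG_RE.lastIndex, end);
      TAG_RE.lastIndex = end + close.length;
      if (tag === "script") scripts.push({ kind: "script", src: node.attrs.src ?? null, code: body });
      else css += body + "\n";
      continue; // not part of the markup tree
    }
    for (const [k, v] of Object.entries(node.attrs)) {
      // Inline handlers and javascript: URLs are code hiding in attributes:
      // hand them to the script stage instead of leaving them in the markup.
      if (k.startsWith("on") || /^\s*javascript:/i.test(v)) {
        scripts.push({ kind: "handler", attr: k, code: v });
        delete node.attrs[k];
      }
    }
    top.children.push(node);
    if (!VOID.has(tag) && !raw.endsWith("/>")) stack.push(node);
  }
  if (stack.length !== 1) throw new Error(`malformed HTML: unclosed <${stack[stack.length - 1].tag}>`);
  return { tree: root, css, scripts };
}

// CSS to JSON: { selector: { property: value } }. No selector rewriting here;
// a real pipeline would also scope selectors to the gadget's container.
function cssToJson(css) {
  const rules = {};
  const RULE_RE = /([^{}]+)\{([^}]*)\}/g;
  for (let m; (m = RULE_RE.exec(css)) !== null; ) {
    const decls = {};
    for (const d of m[2].split(";")) {
      const i = d.indexOf(":");
      if (i > 0) decls[d.slice(0, i).trim()] = d.slice(i + 1).trim();
    }
    rules[m[1].trim()] = decls;
  }
  return rules;
}

// "Package With Script": one bundle per content ID, ready for the runtime.
function packageContent(html, contentId) {
  const { tree, css, scripts } = htmlToJson(html);
  return { id: contentId, tree, css: cssToJson(css), scripts };
}

// Constructed sample input: a gadget with a style block, an inline handler
// and a hit-counter style script tag like the one on the earlier slide.
const SAMPLE = [
  '<div class="gadget" onclick="alert(1)">',
  "<h1>Hi</h1>",
  "<style>.gadget { color: red; }</style>",
  '<script>var site="s15gizmodo"</script>',
  '<img src="x.png" alt="x">',
  "<p>a &amp; b</p>",
  "</div>",
].join("");

console.log(JSON.stringify(packageContent(SAMPLE, "content-1"), null, 2));
```

Note that the scanner refuses malformed input rather than guessing at it, which is what the "HTML must be well-formed" line in the fine print buys: a parser that silently repairs tag soup is a parser an attacker can desynchronize from the browser's.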
Sandbox Execution
Code Invocations → Type and Apply Rule → Sandbox Instances (one per piece of content) → Interception Layer → Monitor QoS → Ready to Run!
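As an added example (not the Web Sandbox runtime), the execution side of the diagram above, which is also what the earlier "Going Beyond Security" and "Why Is QoS Hard?" slides are about: gadget code that has already been transformed never touches an object directly. Every read, write and call is an invocation into a per-instance runtime that picks a rule set by the type of the target, applies it, and charges the instance's QoS budget, so a policy violation is recorded and neutralised while a runaway loop is cut off before it takes the host page down with it. The `$get`/`$set`/`$call` names, the `FakeElement` wrapper standing in for a DOM node, the `GadgetPolicy` rules and the budget are assumptions for illustration; the two gadget functions are hand-written in the shape a script transformer would produce.

```javascript
// Added example (not Web Sandbox code): a toy sandbox instance.
// Transformed gadget code calls $get/$set/$call instead of touching objects,
// so the runtime sees every invocation, applies a rule chosen by the type of
// the target, and counts work against a QoS budget.

class SandboxError extends Error {}

// Stand-in for a DOM node handed to the gadget (assumption for the example).
class FakeElement {
  constructor(id) { this.id = id; this.textContent = ""; this.innerHTML = ""; this.src = ""; }
}

const hasOwn = (t, n) => Object.prototype.hasOwnProperty.call(t, n);

// "Type and apply rule": one rule set per kind of target.
const GadgetPolicy = {
  // Sandbox-owned objects: reads that would walk the prototype chain
  // ("constructor", "__proto__") are denied, because that path leads to
  // Function and, through it, to unvirtualized eval.
  plain: {
    read: (t, n) => !(n in t) || hasOwn(t, n),
    write: (t, n) => !["__proto__", "constructor", "prototype"].includes(n),
    call: (t, n) => hasOwn(t, n),
  },
  // Wrapped DOM nodes: raw markup may not be written (it would bypass the
  // transformation pipeline) and URLs may not be script.
  element: {
    read: (t, n) => ["id", "textContent"].includes(n),
    write: (t, n, v) => n === "textContent" || (n === "src" && !/^\s*javascript:/i.test(String(v))),
    call: () => false,
  },
};

class SandboxInstance {
  constructor(id, policy, budget, rootElement) {
    this.id = id; this.policy = policy; this.budget = budget;
    this.invocations = 0; this.violations = [];
    // Automatic multi-instancing: every instance owns its globals, so two
    // copies of the same gadget on one page cannot see each other's state.
    this.globals = {
      document: { getElementById: (eid) => (eid === rootElement.id ? rootElement : null) },
      Math, JSON,
    };
  }
  // QoS: each interception costs one unit; over budget the instance dies
  // instead of hanging the whole page (the "single point of failure").
  charge() {
    if (++this.invocations > this.budget) throw new SandboxError(`${this.id}: QoS budget of ${this.budget} exceeded`);
  }
  // Policy violations fail soft: recorded, and the access yields undefined.
  deny(kind, name) { this.violations.push(`${kind} ${name}`); return undefined; }
  rulesFor(t) { return t instanceof FakeElement ? this.policy.element : this.policy.plain; }
  $get(t, n) { this.charge(); return this.rulesFor(t).read(t, n) ? t[n] : this.deny("read", n); }
  $set(t, n, v) { this.charge(); if (!this.rulesFor(t).write(t, n, v)) return this.deny("write", n); t[n] = v; return v; }
  $call(t, n, args) {
    this.charge();
    if (!this.rulesFor(t).call(t, n, args) || typeof t[n] !== "function") return this.deny("call", n);
    return t[n].apply(t, args);
  }
}

// Hand-written in the shape a transformer gives this (assumed) gadget source:
//   counter = (counter || 0) + 1;
//   var box = document.getElementById("box");
//   box.textContent = "run " + counter;
//   box.innerHTML = "<img src=x onerror=alert(1)>";     // blocked by policy
//   box.constructor.constructor("return this")();        // blocked escape attempt
function runGadget(sb) {
  const g = sb.globals;
  sb.$set(g, "counter", (sb.$get(g, "counter") || 0) + 1);
  const box = sb.$call(sb.$get(g, "document"), "getElementById", ["box"]);
  sb.$set(box, "textContent", "run " + sb.$get(g, "counter"));
  sb.$set(box, "innerHTML", "<img src=x onerror=alert(1)>");
  const ctor = sb.$get(box, "constructor");
  if (ctor !== undefined) throw new Error("sandbox escape");
  return sb.$get(box, "textContent");
}

// `while (true) counter++;` after transformation: the budget ends it instead
// of the browser's "script is busy" dialog.
function runawayGadget(sb) {
  const g = sb.globals;
  for (;;) sb.$set(g, "counter", (sb.$get(g, "counter") || 0) + 1);
}

const demo = new SandboxInstance("demo", GadgetPolicy, 1000, new FakeElement("box"));
console.log(runGadget(demo), demo.violations, demo.invocations);
```

The own-property check in the `plain` rule is the part worth copying: a denylist of dangerous names is never complete, whereas refusing any read that resolves through the prototype chain closes the whole `constructor` → `Function` → `eval` route in one line.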
We Rule!
demo
Runtime Communication
(Diagram, as in the Big Picture above: Trusted Host, Transformation Pipeline, Virtualized Code, Sandboxed Execution in the Virtual Machine, plus the Runtime through which the host and the sandboxed content communicate)
Easy Hosting
<div id="putContentHere"></div>
<script src="websandbox.js"></script>
<!-- Use Server Transform -->
<script src="http://websandbox-code.org/transform.aspx?url=UrlToUntrustedCode&guid=ContentID"></script>
<script>
  // Create a Sandbox instance
  var sb = new $Sandbox(document.getElementById("putContentHere"), $Policy.Gadget, "ContentID");
  sb.initialize();
</script>
Web Sandbox: DIY
demo
Getting Involved
- An open project: http://websandbox.livelabs.com
- Interactive documentation, playground and samples
- Hack us! Break us! Make us feel pain: community forums
- We want all feedback: public full-disclosure forum
- Join us in defining the standard
Evals & Recordings
Please fill out your evaluation for this session at:
This session will be available as a recording at: www.microsoftpdc.com
Please use the microphones provided
Q&A
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.