THE BIG PICTURE. How does JavaScript interact with the browser?
Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources
description
Transcript of Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources
Secure Cooperative Sharing of JavaScript, Browser, and Physical Resources
Benjamin Livshits
UC Berkeley
Leo Meyerovich, David Zhu
Web Application Security
lipstick on a pig?
JIT compilers
partitioned hardware
Not Your Mother’s Browserbrowser kernels
disk
jsvm, network, ...
Mashup Manifesto1. sharing requires control
2. sharing must be natural
3. sharing must be cheap
1. <CoFrame src=http://gadget.com/page id=gadget 2. passthroughBrowser="html css js" 3. delegatePhysical=".1 cpu"/> ...4. var toggle = true; 5. delegateBrowser(“network”, gadget, "http://gadget.com", 6. function () { if (!toggle) throw ‘exn!’; }); 7. function getData() { 8. toggle = false; 9. return "profile data"; } 10. gadget.getData = getData; 11. aroundJS(gadget, getData, “execute”, 12. function proceed (continue) { return continue(); });
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
Alice Bob
__proto__
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
Alice Bob
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
function proceed
execute
function defaultDeny
Messagesexecuteset fld val get fldaddField fld valremoveField fld
Alice Bob
set, get, …aroundJS(Bob, getData, “execute”, function proceed (continue) { return continue(); })
function defaultDeny (continue) { throw ‘err’ }
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
function proceed
execute
function defaultDeny
Messagesexecuteset fld val get fldaddField fld valremoveField fld
Alice Bob
set, …, get
JS Sharing with Cross-Principal Advice
function getData
Function.prototype
__proto__
function proceed
execute
function defaultDeny
Messagesexecuteset fld val get fldaddField fld valremoveField fld
Alice Bob
execute, set, get, addField, removeField
set, …, get
Cornelia
set, …
browser
Browser API Sharing with Non-Tampering Advice
facebook.com
gadget.com
gadget.com
delegateBrowser(“network”, gadget, "http://gadget.com", function () { if (!toggle) throw ‘exn!’; });
delegation: non-tampering advicefacebook.com
parser, DOM, CSS, ...
Physical Resource Sharing with ROS
disk
layout
render
layout
render
layout
render
… … …
Conclusion
• Abstractions for sharing browser, physical, and JavaScript resources
• Use the browser, OS/hardware, and language runtime
Mashup Manifesto1. sharing requires control
2. sharing must be natural
3. control must be cheap
Related Work
Physical Resource Sharing Resource Containers E Gazelle TessellationOS Chrome
JavaScript Sharing Caja MashupOS Object Views ConScript
Browser API Sharing OP Browser ConScript ServiceOS
backup slides.
Sharing Browser APIs: Today
Facebook.comadvice
DOM (FFI)
Sharing Browser APIs: Tomorrow
Facebook.com
DOM (FFI)
advice
browser
kernel
The Times They Are A-Changin’method-based JIT
trace-based compilationstatic compilation
GPU rendering
parser generator
parallel layout
multicore CSS selectors
parallel parsing
hardware partitioning
hypervisor, microkernel,
browser JIT (C#, X86, …)
browser kernel
solver generator
container.com
gadget.com
BROWSER
container.com
gadget.com
gadget.com
BROWSER
gadgetfork
bomb!!!
YouTubepolicy?
container.com
gadget.com
gadget.com
BROWSER
A New Hope