The Web of Confusion. Douglas Crockford Yahoo! Inc.

Similar documents
Principles. Security. Douglas Crockford Yahoo!

ADsafety. Type-based Verification of JavaScript Sandboxing. Joe Gibbs Politz Spiridon Aristides Eliopoulos Arjun Guha Shriram Krishnamurthi

Ben Livshits and Úlfar Erlingsson. Microsoft Research

A Structural Operational Semantics for JavaScript

JavaScript: The Good Parts

Chrome Extension Security Architecture

Ben Livshits and Úlfar Erlingsson. Microsoft Research

JavaScript: The Good Parts. Douglas Crockford Yahoo! Inc.

Why Discuss JavaScript? CS312: Programming Languages. Lecture 21: JavaScript. JavaScript Target. What s a Scripting Language?

Section 8. Programming Style & Your Brain

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

CS312: Programming Languages. Lecture 21: JavaScript

Some Facts Web 2.0/Ajax Security

C1: Define Security Requirements

Is Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection

Introduction to DBMS DATA DISK. File Systems. DBMS Stands for Data Base Management System. Examples of Information Systems which require a Database:

Web Security: Vulnerabilities & Attacks

Introduction to JavaScript p. 1 JavaScript Myths p. 2 Versions of JavaScript p. 2 Client-Side JavaScript p. 3 JavaScript in Other Contexts p.

Content Security Policy

Web 2.0 Attacks Explained

WEB SECURITY: XSS & CSRF

RKN 2015 Application Layer Short Summary

AN EVALUATION OF THE GOOGLE CHROME EXTENSION SECURITY ARCHITECTURE

SECURITY TESTING. Towards a safer web world

This course is designed for web developers that want to learn HTML5, CSS3, JavaScript and jquery.

NET 311 INFORMATION SECURITY

Software Interface Analysis Tool (SIAT) Architecture Definition Document (NASA Center Initiative)

Functional JavaScript. Douglas Crockford Yahoo! Inc.

Nick Terkay CSCI 7818 Web Services 11/16/2006

Analysis of Security Critical APIs

Top 10 AJAX security holes & driving factors

AJAX: From the Client-side with JavaScript, Back to the Server

Lecture 4: Threats CS /5/2018

Language Based isolation of Untrusted JavaScript

OWASP Top David Caissy OWASP Los Angeles Chapter July 2017

<layer> or the ingrained habits of web development. Peter-Paul Koch HTML Special, 16 June 2016

Contego: Capability-Based Access Control for Web Browsers

ROSAEC Survey Workshop SELab. Soohyun Baik

shortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge

Web 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007

MTAT Research Seminar in Cryptography The Security of Mozilla Firefox s Extensions

RIA Security - Broken By Design. Joonas Lehtinen IT Mill - CEO

The goal of this book is to teach you how to use Adobe Integrated


Sandboxing JavaScript. Lieven Desmet iminds-distrinet, KU Leuven OWASP BeNeLux Days 2012 (29/11/2012, Leuven) DistriNet

THE PRAGMATIC INTRO TO REACT. Clayton Anderson thebhwgroup.com WEB AND MOBILE APP DEVELOPMENT AUSTIN, TX

HTML5 Unbound: A Security & Privacy Drama. Mike Shema Qualys

JavaScript CS 4640 Programming Languages for Web Applications

Backend IV: Authentication, Authorization and Sanitization. Tuesday, January 13, 15


Your Scripts in My Page: What Could Possibly Go Wrong? Sebastian Lekies / Ben Stock Martin Johns

AJAX: Rich Internet Applications

Object Capabilities and Isolation of Untrusted Web Application

6 Critical Reasons for Office 365 Backup. The case for why organizations need to protect Office 365 data

Intro. Scheme Basics. scm> 5 5. scm>

1 Introduction. 2 Web Architecture

Web Application Security. Philippe Bogaerts

Testing is a very big and important topic when it comes to software development. Testing has a number of aspects that need to be considered.

Helsinki University of Technology Department of Media Technology T Seminar on Multimedia Spring 2008.

CSCE 813 Internet Security Case Study II: XSS

Etanova Enterprise Solutions

Mobile Security 2013 Phenomenal Cosmic Power, Itty Bitty Living Space

Web Security IV: Cross-Site Attacks

Secure Frame Communication in Browsers Review

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

How to approach the web platforms. Peter-Paul Koch Nordic Competence Conference, 12 September 2015

xbook: Redesigning Privacy Control in Social Networking Platforms

CIS 4360 Secure Computer Systems XSS

REST. Web-based APIs

G Programming Languages - Fall 2012

The Eval that Men Do

Copyright

CNIT 129S: Securing Web Applications. Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2

Web Application Security

Hyperdata: Update APIs for RDF Data Sources (Vision Paper)

Lecture 17 Browser Security. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422

CSE361 Web Security. Attacks against the server-side of web applications. Nick Nikiforakis

Learn Web Development CodersTrust Polska course outline. Hello CodersTrust! Unit 1. HTML Structuring the Web Prerequisites Learning pathway.

Security for Web2.0 application scenarios: Exposures, Issues and Challenges

CSCE 120: Learning To Code

JavaScript. What s wrong with JavaScript?

JavaScript Fundamentals_

Operating Systems (2INC0) 2018/19. Introduction (01) Dr. Tanir Ozcelebi. Courtesy of Prof. Dr. Johan Lukkien. System Architecture and Networking Group

JavaScript Specialist v2.0 Exam 1D0-735

Attacking Web2.0. Daiki Fukumori Secure Sky Technology Inc.

Versioning, Extensibility & Postel s Law

ICANN Start, Episode 1: Redirection and Wildcarding. Welcome to ICANN Start. This is the show about one issue, five questions:

Client Side Security And Testing Tools

Lecture 8 (7.5?): Javascript

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

Class 15. Object-Oriented Development from Structs to Classes. Laura Marik Spring 2012 C++ Course Notes (Provided by Jason Minski)

Current trends: Scripting (I) A bid part of interface design centers around dialogs

AJAX Workshop. Karen A. Coombs University of Houston Libraries Jason A. Clark Montana State University Libraries

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I

JavaScript: Features, Trends, and Static Analysis

We aren t getting enough orders on our Web site, storms the CEO.

Java SE7 Fundamentals

COURSE 11 DESIGN PATTERNS

Web basics: HTTP cookies

INTERNET PORTALS DEFINITION OF PORTAL

Transcription:

The Web of Confusion Douglas Crockford Yahoo! Inc. http://crockford.com/codecamp/confusion.ppt

Web 2.0 Security and Privacy The problems started in 1995. We have made no progress on the fundamental problems since then.

Will the web ever reach the Threshold of Goodenoughness? + Discovery of vulnerabilities leads to corrections. + If the rate at which correcting vulnerabilities introduces new vulnerabilities, eventually goodenoughness should be achieved. - Adding new features tends to introduce vulnerabilities at a higher rate: Unintended consequences. - If the fundamental assumptions are faulty, incremental correction never converges onto goodenoughness.

We are compiling an evergrowing corpus of hazards.

Perfection is not an option. It is unreasonable to require developers to have an adequate understanding of the current model.

Is the web too big to fail?

The web came closer to getting it right than everything else.

But first: What goes wrong?

The Standard Mistake "We will add security in 2.0."

The Itty Bitty -ity Committee Quality Modularity Reliability Maintainability Security

Confusion of Cryptography and Security. Digital Living Room

Confusion of Identity and Authority.

Blame the Victim

Confusion of Interest

Confusion of Interest System Mode Computer

Confusion of Interest System Mode User System

Confusion of Interest System Mode User User User System

Confusion of Interest System Mode CP/M MS-DOS MacOS Windows

The system cannot distinguish between the interests of the user and the interests of the program. This mostly works when software is expensive and intentionally installed.

It is not unusual for the purpose or use or scope of software to change over its life. Rarely are the security properties of software systems reexamined in the context of new or evolving missions. This leads to insecure systems.

On the web we have casual, promiscuous, automatic, unintentional installation of programs. The interests of the user and of the program must be distinguished.

The browser successfully distinguishes the interests of the user and the interests of the program.

Confusion of Interest The browser is a significant improvement, able to distinguish the interests of users and sites (usually). System Mode Site Site Site User Browser

But within a page, interests are confused. An ad or a widget or an Ajax library gets the same rights as the site's own scripts.

Turducken

This is not a Web 2.0 problem. All of these problems came with Netscape 2 in 1995.

We are mashing things up. There are many more interested parties represented in the page.

A mashup is a self-inflicted XSS attack. (Advertising is a mashup.)

JavaScript got close to getting it right. A secure dialect is obtainable. ADsafe and Caja leading the way.

ADsafe A system for safe web advertising. http://www.adsafe.org/

ADsafe ADsafe is a JavaScript subset that adds capability discipline by deleting features that cause capability leakage. No global variables or functions may be defined. No global variables or functions can be accessed except the ADSAFE object. These words cannot be used: apply arguments call callee caller constructor eval prototype unwatch valueof watch Words starting with _ cannot be used. Use of the [] subscript operator is restricted.

ADsafe DOM Interface Light weight. Query-oriented. Scope of queries is strictly limited to the contents of a widget's <div>. Guest code cannot get direct access to any DOM node.

The DOM is much less close But the Ajax libraries are converging on a much better API. We need to replace the DOM with something that is more portable, more rational, more modular, and safer. We need to replace the DOM with something that is less complicated, less exceptional, less grotesque.

W3C is moving in the opposite direction HTML5 needs to be reset. Or W3C needs to be abolished.

We need a new security model: Object Capabilities. Robust Composition, Mark Miller http://erights.org/talks/thesis/

Cooperation under mutual suspicion.

We have gone as far as we can go on luck and good intentions. We need, at very long last, to get it right.

Doing this will be very hard. Not doing this will be even harder.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback