Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense
By Adam Barth, Joel Weinberger and Dawn Song
(Slide transcript)
Overview
- Current JavaScript Security Model
- Cross-Origin JavaScript Capability Leaks
- Capability Leak Detection
- Browser Defense Mechanism

Current JavaScript Security Model
The DOM and Access Control
The JS Engine and Capabilities

DOM vs JS Engine
- The DOM provides an access control layer
- The JavaScript engine treats objects as capabilities
Cross-Origin JavaScript Capability Leaks
Cross-Context References

DOM meets JS Engine
Capability Leak Detection
JavaScript Heap Inspection

Instrumentation
- In the JavaScript engine object system
- Object creation, destruction and reference
- Calls into analysis library

Computing JavaScript Contexts
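The heap inspection sketched above, as an added example that is not the authors' tool: a small JavaScript model of the analysis library that an instrumented engine would call on object creation, destruction and reference storage. Every object is tagged with the context (origin) it was created in, and the analysis reports references that cross contexts without going through a DOM-mediated window object, which is where the DOM's access control layer sits. The class and method names, the 'window' kind used to mark DOM-mediated boundary objects, and the two-frame sample heap are all constructed for this example.

```javascript
// Added example (not from the original slides): a toy model of the heap-graph
// leak detector. The real tool instruments the JavaScript engine's object
// system; here `HeapGraph` stands in for the analysis library and the calls
// into it are made by hand. Names and the sample heap are constructed.

class HeapGraph {
  constructor() {
    this.nodes = new Map(); // id -> { context, kind }
    this.edges = [];        // { from, to, prop }
  }

  // Called on object creation: record the object and the security context
  // (origin of the global object) it was created under.
  onCreate(id, context, kind = 'object') {
    this.nodes.set(id, { context, kind });
  }

  // Called on object destruction: drop the node and every edge touching it.
  onDestroy(id) {
    this.nodes.delete(id);
    this.edges = this.edges.filter((e) => e.from !== id && e.to !== id);
  }

  // Called when a reference is stored: object `from` now holds `to` under `prop`.
  onReference(from, to, prop) {
    this.edges.push({ from, to, prop });
  }

  // A cross-context edge is a reference that crosses a security boundary.
  // An edge whose target is a DOM-mediated boundary object (kind 'window' in
  // this model) is guarded by the DOM's access control checks and is expected.
  // Any other cross-context edge hands a foreign object straight to the
  // JavaScript engine, which treats the reference as a capability: a leak.
  findLeaks() {
    const leaks = [];
    for (const e of this.edges) {
      const src = this.nodes.get(e.from);
      const dst = this.nodes.get(e.to);
      if (!src || !dst) continue;                // dangling edge (object destroyed)
      if (src.context === dst.context) continue; // same context, no boundary crossed
      if (dst.kind === 'window') continue;       // mediated by DOM access control
      leaks.push({ ...e, fromContext: src.context, toContext: dst.context });
    }
    return leaks;
  }
}

// Constructed sample heap: two frames from different origins.
function buildSampleHeap() {
  const g = new HeapGraph();
  g.onCreate('winA', 'https://a.example', 'window');
  g.onCreate('winB', 'https://b.example', 'window');
  g.onCreate('objA', 'https://a.example');            // ordinary object in frame A
  g.onCreate('fnB', 'https://b.example', 'function'); // function created in frame B
  // Expected cross-context reference: frame A holds frame B's window object.
  g.onReference('winA', 'winB', 'frames[0]');
  // Capability leak: an object in frame A ends up holding a function from
  // frame B's context without the DOM layer in between.
  g.onReference('objA', 'fnB', 'callback');
  return g;
}
```

Running `buildSampleHeap().findLeaks()` reports the single `objA -> fnB` edge and leaves the `winA -> winB` edge alone; destroying `fnB` removes the leak from the graph, which is why the destruction hook matters for keeping the graph accurate over a long browsing session.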
Browser Defense Mechanism
Access Control Checks
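An added example (not the authors' WebKit prototype) of the access control check the defense places in the JavaScript engine rather than in the DOM: every property get, set and function call is checked against the security context that is currently executing, so a reference that has leaked into another context no longer acts as a capability. A Proxy stands in for the engine's property-access hook, `runInContext` simulates which origin is executing, and the document-like object and its values are constructed for this example.

```javascript
// Added example (not from the original slides or the authors' WebKit code):
// a JavaScript model of an engine-level access control check. A Proxy stands
// in for the engine hook, and `runInContext` simulates the currently executing
// security context (origin). All names and values are constructed.

let currentContext = null;

// Run `fn` as if script belonging to `origin` were executing.
function runInContext(origin, fn) {
  const saved = currentContext;
  currentContext = origin;
  try {
    return fn();
  } finally {
    currentContext = saved;
  }
}

class SecurityError extends Error {}

// Wrap `target`, which belongs to context `owner`, so that every get, set and
// call is checked against the executing context. With the check in the engine,
// merely holding a reference is not enough: a reference that leaks into another
// context is refused at the point of use.
function guard(target, owner) {
  const check = (op, prop) => {
    if (currentContext !== owner) {
      throw new SecurityError(`${op} of '${String(prop)}' blocked: ${currentContext} is not ${owner}`);
    }
  };
  const wrapIfObject = (v) =>
    (typeof v === 'object' && v !== null) || typeof v === 'function' ? guard(v, owner) : v;
  return new Proxy(target, {
    get(t, prop, receiver) {
      check('get', prop);
      // Objects reached through a guarded object belong to the same owner, so
      // walking the object graph cannot launder a leaked reference.
      return wrapIfObject(Reflect.get(t, prop, receiver));
    },
    set(t, prop, value, receiver) {
      check('set', prop);
      return Reflect.set(t, prop, value, receiver);
    },
    apply(t, thisArg, args) {
      check('call', t.name || '(anonymous function)');
      return Reflect.apply(t, thisArg, args);
    },
  });
}

// Constructed scenario: a document-like object owned by https://a.example, plus
// a reference to part of it that has been obtained in A and then used from B.
function demo() {
  const docA = guard({ cookie: 'session=abc', body: { text: 'hello' } }, 'https://a.example');
  const outcome = (fn) => {
    try {
      return fn();
    } catch (e) {
      return e instanceof SecurityError ? 'blocked' : 'error';
    }
  };
  const leakedBody = runInContext('https://a.example', () => docA.body);
  return {
    sameOrigin: outcome(() => runInContext('https://a.example', () => docA.cookie)),
    crossOrigin: outcome(() => runInContext('https://b.example', () => docA.cookie)),
    leakedRef: outcome(() => runInContext('https://b.example', () => leakedBody.text)),
    crossOriginWrite: outcome(() =>
      runInContext('https://b.example', () => { docA.cookie = 'x'; return 'allowed'; })),
  };
}
```

The `leakedRef` case is the one that distinguishes this defense from DOM-level checks: `leakedBody` was obtained legitimately in context A, but because the check happens at every access in the engine, using it from context B is refused just like a direct cross-origin access.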

Conclusion
- Heap graph analysis can be used to find vulnerabilities in web browsers
- Web browsers can provide a mechanism to eliminate these vulnerabilities
- Heap graph tool and access control prototype for WebKit: