Beyond IFrames: Web Sandboxes – Scott Isaacs, Software Architect, Microsoft

Upload: ajax-experience-2009

Posted on 18-Jun-2015


TRANSCRIPT

Page 1: Scott Isaacs Presentationajaxexperience (Final)

Beyond IFrames: Web Sandboxes

Scott Isaacs, Software Architect, Microsoft

Page 2

How Web Sites are Built Today

• The Web normally has a Same Origin Policy – but in practice, “your script works in my origin”

• All JavaScript code in the page, regardless of origin, has the same trust level and permissions

• If one bit of code fails or is compromised, the entire page/app/site can be compromised

• Quick Demo…

[Demo screenshot: YouTube, Google Friend Connect, YouTube, Google News, Error from Amazon]

Page 3

User’s Expectations ≠ Reality

• Mismatch between browser security and expectations
  • O/S boundaries protected
  • Cross-domain content protected

• Composite pages have a single policy
  • Aggregation (mash-ups) not protected

• You need a composite policy for a composite page

• Let’s secure the cookie…

Page 4

The growing risk…

• Differentiation between Cloud and Local Services is blurring…

• User Data being aggregated…
  • Personal Data (both local and cloud-based)
    • Storage, Photos, E-Mail, Social Network/Contacts, IM
  • Devices
    • Phones, GPS, Camera, etc.

• …and exposed to…
  • Site Services
    • Rich Advertising, Analytics, Maps, Affiliate Programs
  • Site Extensibility
    • Gadgets, Libraries, etc.

Page 5

What about IFrames?

• Still exploitable…
  • Run-away code…
  • Navigation…
  • Click-Jacking…

• And not rich enough…
  • Designed for content embedding
  • Established fixed “policies”
  • Won’t work for display integration (e.g., fly-outs)
  • Fails for tight integration with APIs, CSS

• Isolation model, not a Security Architecture

Page 6

Web Sandbox

• Isolate and secure the boundaries via composite host-defined policies

• Builds on existing knowledge
  • Embrace existing programming patterns
  • Provides browser equalization

• Open Source Project (Apache License)

Page 7

QoS - Going beyond security

• Profiles executing code

• Error tracking and recovery

• Code Throttling

• LifeCycle management

• QoS Demo…

Page 8

Creating Secure Containers

[Diagram: “Your Web Page” containing three secure containers, each made up of Policy and Rules, a Web Sandbox Virtual Machine, and Untrusted Script]

Page 9

Web Sandbox: The Big Picture

[Diagram: Untrusted Content; Transformation Pipeline (Server or Client-based) – Virtualize Code; Trusted Host (e.g., Your Site) – Requests Content (untrusted); Sandboxed Execution – Sandbox Virtual Machine (JavaScript Library)]

Page 10

Transformation Process

1. Request Resource

2. Parse Resource

3. Output JavaScript for execution within the Sandbox VM

Let’s take a look…

Page 11

Sandbox Virtual Machine

• Validates execution against policies

• Supports instancing and lifecycle

• Monitors QoS via profiling & throttling

• Protects external communication

Page 12

Policies

• Contextually-aware API “tables”

• Allow/Deny/Augment rules

• Cascading model

• Default “Gadget” Policy

• Supports JavaScript / W3C DOM

• Provides Namespace isolation

• Demo…

Page 13

Simple Integration…

<!-- 1. Load the Sandbox Virtual Machine library into the host page -->
<script src="sandbox2.js"></script>

<!-- 2. The container element the sandboxed gadget will render into -->
<div id="box"></div>

<!-- 3. Fetch the untrusted script through the transformation pipeline, which emits virtualized JavaScript for the Sandbox VM -->
<script src="transform.ashx?type=script&guid=GadgetGUID&ua=IE8&url=http://siteexperts.com/untrusted.js"></script>

<!-- 4. Instantiate the sandbox with the container, the host-chosen policy and the gadget identifier, then start it -->
<script>
  var instance = new $Sandbox(document.getElementById("box"), $Policy.Gadget, 'GadgetGUID');
  instance.initialize();
</script>
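The policy model from Page 12 and the integration above, as an added JavaScript example that is not the Web Sandbox project's own code: a default Gadget policy of allow, deny and augment rules, a host policy cascaded over it, and a small mediating layer that hands an untrusted script only the calls the policy permits. The hostApi functions, the rule names and the "box-" id prefix are assumptions made for this example.

```javascript
// Added illustration, not the Web Sandbox project's code: a host-defined table of
// allow/deny/augment rules, cascaded over the default "Gadget" policy, mediating
// every call an untrusted script makes. hostApi, rule names, "box-" prefix: assumed.

const hostApi = {                                   // constructed host capabilities
  getElementById: (id) => ({ id, innerHTML: "" }),
  readCookie: () => "session=secret",
  navigate: (url) => `navigated to ${url}`,
  fetchUrl: (url) => `fetched ${url}`,
};

// A rule is "allow", "deny", or an augment function given the real implementation + args.
const GadgetPolicy = {
  getElementById: "allow",
  readCookie: "deny",                               // gadget never sees host cookies
  navigate: "deny",                                 // no navigation from a gadget
  fetchUrl: (real, url) => {                        // augment: gadget's own origin only
    if (!url.startsWith("https://gadget.example/")) throw new Error(`policy denied fetchUrl to ${url}`);
    return real(url);
  },
};

// Host overrides cascade over the default; here element lookups are confined to
// the gadget's container by prefixing ids (namespace isolation).
const HostPolicy = { getElementById: (real, id) => real(`box-${id}`) };

// Later policies win, key by key.
function cascade(...policies) { return Object.assign({}, ...policies); }

// Build the API surface handed to the untrusted script; anything unlisted is denied.
function createSandbox(api, policy) {
  const sandboxed = {};
  for (const name of Object.keys(api)) {
    const rule = policy[name] ?? "deny";
    sandboxed[name] = (...args) => {
      if (rule === "deny") throw new Error(`policy denied ${name}`);
      if (rule === "allow") return api[name](...args);
      return rule(api[name], ...args);              // augment
    };
  }
  return Object.freeze(sandboxed);
}

// Run one call under the sandbox and report the outcome instead of throwing.
function attempt(fn) {
  try { return { ok: true, value: fn() }; } catch (e) { return { ok: false, error: e.message }; }
}

const gadgetApi = createSandbox(hostApi, cascade(GadgetPolicy, HostPolicy));
console.log(attempt(() => gadgetApi.getElementById("title")), attempt(() => gadgetApi.readCookie()));
```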

Page 14

Closing Thoughts…

• Web Application ecosystem is evolving

• Applications getting richer via aggregation

• More valuable services and personal data are exposed

• The web security model must evolve

• Web-sandbox adds protection across the boundaries

• Sites can properly model and enforce the trust relationship

• Sites can protect themselves and their users

• Possible without redefining the web…

• Go play with it (http://websandbox.livelabs.com)

Page 15

Learn more at: http://websandbox.livelabs.com

Also don’t miss the panel “Secure Mashups: Getting to Safe Web Plug-ins”, Wednesday, 10:55am

Questions?