1 / 18

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense. By Adam Barth, Joel Weinberger and Dawn Song. Overview. Current JavaScript Security Model Cross-Origin JavaScript Capability Leaks Capability Leak Detection Browser Defense Mechanism. The DOM and Access Control.

cadee
Télécharger la présentation

Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense By Adam Barth, Joel Weinberger and Dawn Song

  2. Overview • Current JavaScript Security Model • Cross-Origin JavaScript Capability Leaks • Capability Leak Detection • Browser Defense Mechanism

  3. The DOM and Access Control

  4. The DOM and Access Control

  5. The JS Engine and Capabilities

  6. DOM vs JS Engine • The DOM provides an access control layer • The JavaScript engine treats objects as capabilities

  7. Overview • Current JavaScript Security Model • Cross-Origin JavaScript Capability Leaks • Capability Leak Detection • Browser Defense Mechanism

  8. Cross-Context References

  9. Cross-Context References

  10. DOM meets JS Engine

  11. DOM meets JS Engine

  12. Overview • Current JavaScript Security Model • Cross-Origin JavaScript Capability Leaks • Capability Leak Detection • Browser Defense Mechanism

  13. JavaScript Heap Inspection

  14. Instrumentation • In the JavaScript Engine object system • Object creation, destruction and reference • Calls into analysis library

  15. Computing JavaScript Contexts

  16. Overview • Current JavaScript Security Model • Cross-Origin JavaScript Capability Leaks • Capability Leak Detection • Browser Defense Mechanism

  17. Access Control Checks

  18. Conclusion • Heap Graph Analysis can be used to find vulnerabilities in web browser • Web Browser can provide mechanism to eliminate these vulnerabilities • Heap Graph Tool and Access Control Prototype for WebKit:

More Related