Object Capability    Security               Rafael Ferreira
Melissa
Document
DocumentMacro
DocumentMacro
Ambient Document Macro
Addressbook      Ambient           Document           Macro
Addressbook      Ambient           Document           Macro
Mafia Ville
Mafia VilleFarm Wars
Ambient  Mafia Ville  Farm Wars
Ambient  Mafia Ville  Farm Wars
Ambient  Untrusted
XAmbient  Untrusted
AmbientSandbox            Untrusted
AmbientSandbox            Untrusted
AmbientSandbox            Untrusted
XAmbient  Untrusted
Untrusted
OBJ        ECT              SUntrusted
How do objects    Meet?
var Creature = function () {...}var TheCreator = {   make: function() {     var creature = new Creature   }}
Parenthoodvar Creature = function () {...}var TheCreator = {   make: function() {     var creature = new Creature   }}
make: function() {  var reference = ...  var newObject = {    ...    var copy = reference  }}
Endowmentmake: function() {  var reference = ...  var newObject = {    ...    var copy = reference  }}
meet: function() {  var someObject = ...  var otherObject = ...  someObject.doSomething(otherObject)}
Introductionmeet: function() {  var someObject = ...  var otherObject = ...  someObject.doSomething(otherObject)}
this.reference = window .document .getElementById("farmWarsDiv")
Ambientthis.reference = window .document .getElementById("farmWarsDiv")
X            Ambientthis.reference = window .document .getElementById("farmWarsDiv")
Only connectivitybegets connectivity
Addressbook      Ambient           Document           Macro
AddressbookText Editor   Document
AddressbookText Editor   Document              Macro
AddressbookText Editor   Document              Macro
Object Capability· Memory Safety· No global actions· No magic objects· Encapsulation
The reference graphis the access graph
Ambient  Mafia Ville  Farm Wars
Hostpage
Widget       Area                   >              <divHostpage
Widget       Area            Mafia                   >              <div     VilleHostpage
Widget       Area            Mafia                   >              <div     VilleHostpage
Widget       Area                     Mafia                   >              <div              VilleHostpage              ...
Object Capability· Memory Safety· No global actions· No magic objects· Encapsulation
Object Capability· Memory Safety· No global actions· No magic objects· Encapsulation                              c ri pt ...
Google Caja
Google CajaJ avas cript               Ja vasc ript  Se cure
EcmaScript.NextStill Unsafe
EcmaScript.NextStill Unsafe     Can be secured
EcmaScript.Next· “use strict;”· Object.freeze· Module System  ·   Safe Eval· Proxies
Caretaker     StatusUpdater= {  updateStatus: function(message)}
Caretaker       StatusUpdaterHost                       Widgetpage
Caretaker StatusUpdater   ProxyHostpage                     Widget
Caretaker StatusUpdater          ProxyHostpage             Gate           Widget
obrigado@rafaeldff
Object Capability Security
Object Capability Security
Object Capability Security
Object Capability Security
Object Capability Security
Object Capability Security
Upcoming SlideShare
Loading in …5
×

Object Capability Security

0 views

Published on

Slides for a talk on Object Capability Security given in AgileBrazil 2011.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
0
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
110
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Live documents 1970 Smalltalk
  • Macros
  • I love you virus
  • Melissa Macro Virus
  • Macro changes the current document (inserting Simpsons quotes)
  • Object Capability Security

    1. 1. Object Capability Security Rafael Ferreira
    2. 2. Melissa
    3. 3. Document
    4. 4. DocumentMacro
    5. 5. DocumentMacro
    6. 6. Ambient Document Macro
    7. 7. Addressbook Ambient Document Macro
    8. 8. Addressbook Ambient Document Macro
    9. 9. Mafia Ville
    10. 10. Mafia VilleFarm Wars
    11. 11. Ambient Mafia Ville Farm Wars
    12. 12. Ambient Mafia Ville Farm Wars
    13. 13. Ambient Untrusted
    14. 14. XAmbient Untrusted
    15. 15. AmbientSandbox Untrusted
    16. 16. AmbientSandbox Untrusted
    17. 17. AmbientSandbox Untrusted
    18. 18. XAmbient Untrusted
    19. 19. Untrusted
    20. 20. OBJ ECT SUntrusted
    21. 21. How do objects Meet?
    22. 22. var Creature = function () {...}var TheCreator = { make: function() { var creature = new Creature }}
    23. 23. Parenthoodvar Creature = function () {...}var TheCreator = { make: function() { var creature = new Creature }}
    24. 24. make: function() { var reference = ... var newObject = { ... var copy = reference }}
    25. 25. Endowmentmake: function() { var reference = ... var newObject = { ... var copy = reference }}
    26. 26. meet: function() { var someObject = ... var otherObject = ... someObject.doSomething(otherObject)}
    27. 27. Introductionmeet: function() { var someObject = ... var otherObject = ... someObject.doSomething(otherObject)}
    28. 28. this.reference = window .document .getElementById("farmWarsDiv")
    29. 29. Ambientthis.reference = window .document .getElementById("farmWarsDiv")
    30. 30. X Ambientthis.reference = window .document .getElementById("farmWarsDiv")
    31. 31. Only connectivitybegets connectivity
    32. 32. Addressbook Ambient Document Macro
    33. 33. AddressbookText Editor Document
    34. 34. AddressbookText Editor Document Macro
    35. 35. AddressbookText Editor Document Macro
    36. 36. Object Capability· Memory Safety· No global actions· No magic objects· Encapsulation
    37. 37. The reference graphis the access graph
    38. 38. Ambient Mafia Ville Farm Wars
    39. 39. Hostpage
    40. 40. Widget Area > <divHostpage
    41. 41. Widget Area Mafia > <div VilleHostpage
    42. 42. Widget Area Mafia > <div VilleHostpage
    43. 43. Widget Area Mafia > <div VilleHostpage <di v> Widget Area Farm Wars
    44. 44. Object Capability· Memory Safety· No global actions· No magic objects· Encapsulation
    45. 45. Object Capability· Memory Safety· No global actions· No magic objects· Encapsulation c ri pt av as J
    46. 46. Google Caja
    47. 47. Google CajaJ avas cript Ja vasc ript Se cure
    48. 48. EcmaScript.NextStill Unsafe
    49. 49. EcmaScript.NextStill Unsafe Can be secured
    50. 50. EcmaScript.Next· “use strict;”· Object.freeze· Module System · Safe Eval· Proxies
    51. 51. Caretaker StatusUpdater= { updateStatus: function(message)}
    52. 52. Caretaker StatusUpdaterHost Widgetpage
    53. 53. Caretaker StatusUpdater ProxyHostpage Widget
    54. 54. Caretaker StatusUpdater ProxyHostpage Gate Widget
    55. 55. obrigado@rafaeldff

    ×