Microsoft Web Sandbox
Scott Isaacs
Software Architect
Microsoft Corporation
http://websandbox.livelabs.com
Why Web 2.0 is Broken
<div id="sitemeter" class="plain"><!--WEBBOT bot="HTMLMarkup" startspan ALT="Site Meter" --><script type="text/javascript" language="JavaScript">var site="s15gizmodo"</script><script type="text/javascript" language="JavaScript1.2" src="http://s15.sitemeter.com/js/counter.js?site=s15gizmodo"></script>
How We Got Here
  Web 2.0 concepts built on Web 1.0 technology
  Technology dates back to the 90s
    Started with hit counters (images)
    Transitioned to affiliate programs/advertising
    Evolved to Web 2.0 mash-ups
  Desire to integrate capabilities via services and experiences
    Creates low-cost innovation
  Web is a “platform”
    Linking APIs, Experiences, Services, & Data
The risks are still the same…
Today's "State Of The Art"
  Ignore the problem
  IFrame the problem
    Too loosely coupled
    Isolation without security
    Integration is difficult
    Redirects, installers, history, click-jacking, etc.
  First Generation Solutions: AdSafe, FBJS
    None address Quality of Service (QoS)
Beyond Today's State of the Art
  Goal: Secure Web 2.0
  Sandboxes: Caja, FBJS 2…
  Standards
    ECMA TC-39 Security Working Group
  Together converging on a standard
The Web Sandbox
  Building on your existing skills
  Capability-oriented framework
    Mash-up security
    Quality of service protection
    Browser equalization
    Extensible policy engine
  Open Source Project (Apache License)
  Let’s go play….
Creating Secure Containers (diagram; the container layers are repeated once per untrusted script)
  Your Web Page
    Policy and Rules
    Web Sandbox Virtual Machine
    Untrusted Script
Web Sandbox: The Big Picture (diagram)
  Trusted Host (e.g., Your Site) requests content (untrusted)
  Untrusted Content -> Transformation Pipeline (server- or client-based): virtualize code
  -> Sandboxed Execution in the Virtual Machine (JavaScript library)
Transformation Pipeline
  Performed server- or client-side
  Untrusted Content
    HTML to JSON
    CSS to JSON
    Transform all scripts
    Package with script
  Ready to Run!
Sandbox Virtual Machine
  Via client-side JavaScript library
  (diagram) Ready-to-run package -> Sandbox Instance(s) -> Code Invocations -> Interception Layer
    Type and Apply Rule
    Monitor QoS
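The interception layer sketched above, as an added illustration that is not the Web Sandbox's own code: a toy policy engine in which virtualized code routes every member access through `get`/`set`/`call`, each of which types the target, applies a rule and charges a QoS budget. The policy shape, `fakeElement` and `runGadget` are assumptions made for this example.

```javascript
// Added illustration (not Web Sandbox code). The untrusted script is assumed to
// have been rewritten by the transformation pipeline so that every property
// read/write and method call goes through sandbox.get / .set / .call.
function createSandbox(policy, budget) {
  let operations = 0;   // operations performed by this instance (QoS monitor)
  const trace = [];     // decision log, usable as a feedback loop for the host

  // "Type" the target so rules are keyed by object kind rather than identity.
  function typeOf(target) {
    if (target === globalThis) return "Global";
    if (target && target.nodeType === 1) return "Element";
    return "Object";
  }
  // QoS: refuse further work once the instance exhausts its budget.
  function charge() {
    operations += 1;
    if (operations > budget) throw new Error("QoS budget exceeded; sandbox instance throttled");
  }
  // Policy: allow only members explicitly listed for this type and access kind.
  function applyRule(kind, type, name) {
    const allowed = (policy[type] && policy[type][kind]) || [];
    const ok = allowed.includes(name);
    trace.push({ kind, type, name, ok });
    if (!ok) throw new Error(`policy denied ${kind} ${type}.${name}`);
  }

  return {
    get(target, name) { charge(); applyRule("get", typeOf(target), name); return target[name]; },
    set(target, name, value) { charge(); applyRule("set", typeOf(target), name); target[name] = value; return value; },
    call(target, name, args) { charge(); applyRule("call", typeOf(target), name); return target[name].apply(target, args); },
    stats() { return { operations, trace: trace.slice() }; },
  };
}

// Constructed stand-in for a DOM element so the example runs outside a browser.
function fakeElement(id) {
  return { nodeType: 1, id, innerText: "", setAttribute(k, v) { this[k] = v; } };
}

// Constructed policy: a gadget may read id/innerText, write innerText and call
// setAttribute on elements, but may read nothing from the global object.
const gadgetPolicy = { Element: { get: ["id", "innerText"], set: ["innerText"], call: ["setAttribute"] }, Global: { get: [] } };

// What a virtualized gadget looks like after transformation: three intercepted
// operations, each typed, rule-checked and charged against the budget.
function runGadget(sandbox, el) {
  sandbox.set(el, "innerText", "hello from gadget");
  sandbox.call(el, "setAttribute", ["title", "sandboxed"]);
  return sandbox.get(el, "innerText");
}
```

With a budget of 2 the same gadget is throttled on its third operation before any rule is consulted, which is the "single point of failure" the QoS slides guard against.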
Going Beyond Security
  Use the materials in the room
    Cross-browser ubiquity
    Normalize W3C standards
    No gadget SDK
  Processing model
    Lifecycle (simulates process isolation)
    Automatic multi-instancing
    Code throttling & QoS monitoring
    Defaults patterned after IFrames
Why is QoS Hard?
  Lack of isolation
  Increased surface area
  Testing challenges
    Unintentional conflicts
    No feedback loop
  Single point of failure
The Fine Print
  Goal: Support 99% of the language
    1. HTML must be well-formed
    2. document.write
    3. No arbitrary code “eval”uation
    4. JavaScript with statement
    5. Silverlight and Flash Support
  Trade-offs
    Performance: 1.5 – 4x
    Intermediate transformation step
    More difficult debugging (?debug=true flag)
Get Involved
  An Open Source Project
    http://websandbox.livelabs.com
  Interactive Documentation
    Playground and Samples
  Hack us! Break us! Integrate the Web Sandbox
  Community Forums
    We want all feedback
    Public Full Disclosure Forum
  Work together defining the standard
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.