Update on MIT-LL Integration
Bill Harris and Rich Joiner

Schedule: JAM
• Deliverables:
  • Policy for Secure Note application
  • JAM weaver
  • Chrome browser modified for enforcement
• Weaver/policy delivery planned for 9/3.
• Enforcement delivery planned for 9/10.
Application: Secure Note
• Written by MIT-LL crew
• Code comprises:
  • SNote application logic
  • Midori UI library
  • Google AES encryption library
• http://snote/SNoteSwindler.html

Policy
• Read-only, write-once for display elements
• Write-only, read-once for input elements
Policy state machine
Edge labels (predicates over the accessed element %x):
• a: set(%x.textContent) && %x.className === "non-editable"
• b: set(%x.innerHTML) && %x.className === "non-editable"
• c: get(%x.textContent) && %x.className === "destructive-read"
• d: get(%x.innerHTML) && %x.className === "destructive-read"
• e: set(%x.innerHTML) && %x.className === "read-only"
• f: set(%x.textContent) && %x.className === "read-only"
• g: get(%x.textContent) && %x.className === "write-only"
• h: get(%x.innerHTML) && %x.className === "write-only"
Transitions (from the state diagram; state 0 is the start state, -1 the state reached once the policy has been violated):
• 0 --a|b--> 2 --a|b--> -1 (a non-editable element may be written once)
• 0 --c|d--> 1 --c|d--> -1 (a destructive-read element may be read once)
• 0 --e|f|g|h--> -1 (any write to a read-only element or read of a write-only element)

Policy specification (one "from,to: predicate" line per transition)
0,2: set(%x.textContent) && %x.className === "non-editable"
2,-1: set(%x.innerHTML) && %x.className === "non-editable"
0,2: set(%x.innerHTML) && %x.className === "non-editable"
2,-1: set(%x.textContent) && %x.className === "non-editable"
0,-1: set(%x.innerHTML) && %x.className === "read-only"
0,-1: set(%x.textContent) && %x.className === "read-only"
0,1: get(%x.textContent) && %x.className === "destructive-read"
1,-1: get(%x.textContent) && %x.className === "destructive-read"
0,1: get(%x.innerHTML) && %x.className === "destructive-read"
1,-1: get(%x.innerHTML) && %x.className === "destructive-read"
0,-1: get(%x.textContent) && %x.className === "write-only"
0,-1: get(%x.innerHTML) && %x.className === "write-only"
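The specification above is small enough to execute directly. The following is an added example, not part of the JAM deliverable or the slides: it parses the "from,to: predicate" lines into a transition table and runs the automaton over a sequence of get/set accesses. It assumes the automaton state is kept per element (so each non-editable element gets its own single write) and models elements as plain objects with a className, so it runs without a DOM.

```javascript
// Added example (not JAM code): a monitor driven by the policy specification
// slide. State 0 is the start state; -1 is reached once the policy is violated
// and is where an enforcing browser would stop the access.
const POLICY_SPEC = `
0,2: set(%x.textContent) && %x.className === "non-editable"
2,-1: set(%x.innerHTML) && %x.className === "non-editable"
0,2: set(%x.innerHTML) && %x.className === "non-editable"
2,-1: set(%x.textContent) && %x.className === "non-editable"
0,-1: set(%x.innerHTML) && %x.className === "read-only"
0,-1: set(%x.textContent) && %x.className === "read-only"
0,1: get(%x.textContent) && %x.className === "destructive-read"
1,-1: get(%x.textContent) && %x.className === "destructive-read"
0,1: get(%x.innerHTML) && %x.className === "destructive-read"
1,-1: get(%x.innerHTML) && %x.className === "destructive-read"
0,-1: get(%x.textContent) && %x.className === "write-only"
0,-1: get(%x.innerHTML) && %x.className === "write-only"
`;

// Grammar of one rule line, as used on the slide: from,to: op(%x.prop) && %x.className === "name"
const RULE_RE = /^(-?\d+),(-?\d+):\s*(get|set)\(%x\.(\w+)\)\s*&&\s*%x\.className === "([^"]+)"$/;

function parsePolicy(text) {
  return text.trim().split("\n").map((line) => {
    const m = RULE_RE.exec(line.trim());
    if (!m) throw new Error(`unparseable rule: ${line}`);
    return { from: Number(m[1]), to: Number(m[2]), op: m[3], prop: m[4], className: m[5] };
  });
}

class PolicyMonitor {
  constructor(rules) {
    this.rules = rules;
    this.states = new WeakMap(); // assumption: one automaton state per element
  }
  // Record access `op` ("get"/"set") to property `prop` of element `el`;
  // returns the new state (-1 = violation). Accesses matching no predicate
  // leave the state unchanged, so e.g. reading a non-editable element is fine.
  step(el, op, prop) {
    const cur = this.states.get(el) ?? 0;
    if (cur === -1) return -1;
    const rule = this.rules.find((r) =>
      r.from === cur && r.op === op && r.prop === prop && r.className === el.className);
    const next = rule ? rule.to : cur;
    this.states.set(el, next);
    return next;
  }
}
```
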
JAM Weaver
• To be delivered as a virtual machine image
• Compiled JAM binaries
• Test cases
• Script to download and install dependencies
• Documentation:
  • Policy specification language
  • General usage
  • Current limitations

Enforcement
• Checks are evaluated at runtime in an isolated forked process
• JavaScript native functions added to trigger the fork and evaluate policy predicates
• To be delivered as a stand-alone Chrome binary built on FreeBSD 9.
CapWeave in the CRASH System
• Overview of CapWeave usage
• Sketch of our approach
• Discuss deliverables, requirements

CapWeave Usage
• CRASH server generates web content by running php scripts
• CRASH team defines policy for all php scripts
• CRASH team applies CapWeave to rewrite php interpreter to enforce policy

php workflow (diagram): filesystem -> php (web_script.cgi) -> web content

php Requirements
• Whitelist of system libs: read-only
• php, MediaWiki config. files: read-only
• MediaWiki php scripts: read-only
• MediaWiki skin files: read-only
• Scratch directories (e.g., /tmp): read-write
• Sockets to database server: read-write
UW Challenges
• Express requirements in policy language
• Rewrite/weave the php to satisfy the policy

A Shim for open()

    /* Shim around open(): records which requirements the opened path satisfies.
       Declarations added so the fragment compiles; sat_req_* and cw_act are
       the slide's own names, defined elsewhere. */
    #include <fcntl.h>

    int sat_req_1(char* path);
    int sat_req_2(char* path);
    void cw_act(int id);   /* CapWeave action marker the policy refers to */

    int shim_open(char* path, int mode) {
      int fd = open(path, mode);
      if (sat_req_1(path)) {
        cw_act(0);
      }
      if (sat_req_2(path)) { /* … */ }
      return fd;
    }

Requirement 1 Policy

    (* requirement 1 policy: *)
    let not_fd_read = … in
    any_act* . (cw_act 0) . (any_prog_act with not_fd_read)

A Weaved shim_open()

    /* The same shim after weaving: the capability on fd is restricted to
       CAP_READ right after the cw_act(0) marker, so no later program action
       can read-violate requirement 1. Headers are FreeBSD 9 Capsicum. */
    #include <fcntl.h>
    #include <sys/capability.h>
    #include <libcapsicum.h>

    int sat_req_1(char* path);
    int sat_req_2(char* path);
    void cw_act(int id);

    int shim_open(char* path, int mode) {
      int fd = open(path, mode);
      if (sat_req_1(path)) {
        cw_act(0);
        lc_limitfd(fd, CAP_READ);   /* inserted by the weaver */
      }
      if (sat_req_2(path)) { /* … */ }
      return fd;
    }
Requirements
• Decision functions for each requirement
• E.g.:
  • int is_whitelist_sys_lib(char* path)
  • int is_mediawiki_config(char* path)

Deliverables
• Policy regex text file
• Capsicum 9 VMWare image with weaved php
• Capsicum team recently posted a working Capsicum VMWare image