Sunday, October 21, 2012

Security and Objects

Mobile code is one of the great challenges for software security. Let's say you are writing an email application. The idea that people could send little apps to each other in email messages might seem like a potentially interesting feature: users could build polls, schedule meetings, play games, share interactive documents. Kind of cool.

And if the platform you are building upon supports reflectively evaluating code, it could be as easy as something like this (in OO pseudocode):

    define load_message(message)
        ...
        eval(message.code)

Of course it can't be that easy. What if the code in the message does something like:

    new stdlib.io.File("/").delete()

The standard way to avoid the vulnerability is to put the code in a so-called sandbox. It sounds very secure, but in practice this usually amounts to gathering up a list of "dangerous" call sites and inserting in each some code to check if the caller has permission to proceed. So the implementation of delete would include code along the lines of:

    define delete()
        if VM.callStackContainsEvilCode?()
            raise YouShallNotPassException()

        ...

This is fraught with problems. It requires runtime support for inspecting the call stack and a system for declaring that certain code has some level of authorization while other code has a lower level. Not to mention the busywork of going through the code and peppering that little snippet over every suspect call site. Miss one (say, a method that gets the addresses of all contacts in your email application) and you have a security bug on your hands.

A better way?

Perhaps there is a better way. Take another look at the offending line: new stdlib.io.File("/").delete(). It is only able to call the dangerous delete() method because it has a reference to a file object pointing to the root of the filesystem. And it only has that reference because it could reach for the File class on a global namespace. What if there was no global namespace?

It might seem weird, but it's not that hard to imagine a programming system lacking a global namespace. Many object-oriented languages, following Smalltalk's lead, have a notion of a metaclass, an object that represents a class. Many of them (also following Smalltalk) get by without a "new" operator. Objects are created by calling a method, usually named new(), on the metaclass object.

We are very close now. The last step, unfortunately not taken by most common languages, is to avoid anchoring the metaclass object onto a global namespace. The result is that code can only create objects of the classes it holds a reference to. And it only has a reference if it is given one via a method or constructor parameter.

Proceeding recursively, we end up with a stratified program. There is an entry point that receives a reference to the entire standard library, and each call site decides how much authority to grant each callee. In our example, when we evaluate external code we can grant very little authority, meaning we pass the evaluated code just a handful of references. Care must be taken that none of them directly or indirectly provides a way to create a File. In a way, object design becomes security policy.

And we get very fine-grained control over such policy. We could, for instance, grant loaded code authority to write to a designated directory just by passing it a reference to the Directory object for that directory. Our choices get even more interesting when we realize we can pass references to proxies instead of real objects in order to attenuate authority. Continuing with our example, hoping it doesn't get too contrived, we could build a proxy for the Directory that checks whether callers exceed a given quota of disk space.
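The Directory reference and quota proxy described above, sketched in JavaScript as an added example (not code from the original post). `makeDirectory`, `makeQuotaDirectory` and `loadMessage` are hypothetical names and the directory is an in-memory stand-in; plain JavaScript still has ambient globals, so this shows the object design only, not an enforced sandbox.

```javascript
'use strict';
// In-memory stand-in for a Directory object (constructed for this example).
// State lives in a closure, so holders can only act through these methods.
function makeDirectory() {
  const files = new Map();
  return Object.freeze({
    write(name, data) { files.set(String(name), String(data)); },
    read(name) { return files.get(String(name)); },
    remove(name) { return files.delete(String(name)); },
    usage() {
      let total = 0;
      for (const data of files.values()) total += data.length;
      return total;
    },
  });
}

// Attenuating proxy: exposes write/read only and refuses writes that would
// push the directory past `quota` characters. No remove(), no path to `dir`.
function makeQuotaDirectory(dir, quota) {
  return Object.freeze({
    write(name, data) {
      // Coerce once so a hostile toString() cannot change between check and use.
      const key = String(name), text = String(data);
      const old = dir.read(key);
      const next = dir.usage() - (old === undefined ? 0 : old.length) + text.length;
      if (next > quota) throw new Error('quota exceeded');
      dir.write(key, text);
    },
    read(name) { return dir.read(name); },
  });
}

// Stand-in for load_message(): message code receives only what we pass it.
const loadMessage = (messageCode, grants) => messageCode(grants);

function demo() {
  const inbox = makeDirectory();
  const scratch = makeQuotaDirectory(inbox, 16);
  const log = [];
  loadMessage(({ dir }) => {
    dir.write('poll.txt', 'yes=3;no=1');           // 10 characters, within quota
    try { dir.write('big.bin', 'x'.repeat(32)); }   // would exceed the quota of 16
    catch (e) { log.push(e.message); }
    log.push(typeof dir.remove);                    // remove() was never granted
  }, { dir: scratch });
  return { log, usage: inbox.usage(), saved: inbox.read('poll.txt') };
}
```

The host keeps `inbox` with full authority, while the message code only ever sees `scratch`; revoking or tightening its access means changing which object is passed, not adding checks inside `remove()`.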

Research

I mentioned above that most common languages don't fit this post's description. But there are languages that do; a prime example is E. In fact, there is a whole area of research that deals with security in this manner, called "object capability security".

I'm not really a security guy; I got interested in the area due to the implications for language and system design. If you got interested, for any reason, please check out Mark Miller's work. He is the creator of the E language and the JavaScript-based Caja project. His thesis is very readable.
