skip to main content
research-article

Dynamic detection of object capability violations through model checking

Authors Info & Claims
Published:14 October 2014Publication History
Skip Abstract Section

Abstract

In this paper we present a new tool called DOCaT (Dynamic Object Capability Tracer), a model checker for JavaScript that detects capability leaks in an object capability system. DOCaT includes an editor that highlights the sections of code that can be potentially transferred to untrusted third-party code along with a trace showing how the code could be leaked in an actual execution. This code highlighting provides a simple way of visualizing the references untrusted code potentially has access to and helps programmers to discover if their code is leaking more capabilities then required. DOCaT is implemented using a combination of source code rewriting (using Sweet.js, a JavaScript macro system), dynamic behavioral intercession (Proxies, introduced in ES6, the most recent version of JavaScript), and model checking. Together these methods are able to locate common ways for untrusted code to elevate its authority.

References

  1. Adsafe. http://www.adsafe.org/, accessed June 2014.Google ScholarGoogle Scholar
  2. T. H. Austin, T. Disney, and C. Flanagan. Virtual values for language extension. SIGPLAN Not., 46(10):921--938, Oct. 2011. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. A. Barth, U. Berkeley, J. Weinberger, and D. Song. Cross-origin javascript capability leaks: Detection, exploitation, and defense. In Proc. of the 18th USENIX Security Symposium (USENIX Security 2009), 2009. Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. A. Bruni, T. Disney, and C. Flanagan. A peer architecture for lightweight symbolic execution. 2013.Google ScholarGoogle Scholar
  5. T. V. Cutsem and M. S. Miller. Trustworthy proxies: Virtualizing objects with invariants. In ECOOP 2013, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. T. V. Cutsem and S. Miller. Proxies: Design principles for robust object-oriented intercession APIs. In Dynamic Languages Symposium, 2010. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. C. Dimoulas, S. D. Moore, A. Askarov, and S. N. Chong. Declarative policies for capability control. Institute of Electrical and Electronics Engineers, 2014.Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. S. Drossopoulou and J. Noble. The need for capability policies. In Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs, FTfJP '13, pages 6:1--6:7, New York, NY, USA, 2013. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. FacebookAPI. https://developers.facebook.com/docs /reference/php/facebook-api/, accessed June 2014.Google ScholarGoogle Scholar
  10. M. Flatt and PLT. Reference: Racket. Technical Report PLT-TR2010-1, PLT Inc., June 7, 2010. http://racketlang.org/tr1/.Google ScholarGoogle Scholar
  11. Global object poisoning. http://code.google.com/p/google- caja/wiki/GlobalObjectPoisoning, accessed June 2014.Google ScholarGoogle Scholar
  12. A. Goldberg and D. Robson. Smalltalk-80: the language and its implementation. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA, 1983. Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Caja. http://code.google.com/p/google-caja/, accessed June 2014.Google ScholarGoogle Scholar
  14. V. Kashyap and B. Hardekopf. Security signature inference for javascript-based browser addons. In Proceedings of Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO '14, pages 219:219--219:229, New York, NY, USA, 2014. ACM. Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. S. Maffeis, J. Mitchell, and A. Taly. Object capabilities and isolation of untrusted web applications. Dep. of Computing, Imperial College London, Technical Report DTR10-04, 2010.Google ScholarGoogle Scholar
  16. M. S. Miller. Robust Composition: Towards a Unified Approach to Access Control and Concurrency Control. PhD thesis, Johns Hopkins University, 2006. Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. M. S. Miller and T. V. Cutsem. Catch-all proxies. http:// wiki.ecmascript.org/doku.php?id=harmony:proxies.Google ScholarGoogle Scholar
  18. M. S. Miller, T. V. Cutsem, and B. Tulloh. Distributed electronic rights in javascript. ESOP'13 22nd European Symposium on Programming, 2013. Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. M. S. Miller, E. D. Tribble, and J. Shapiro. Concurrency among strangers: Programming in E as plan coordination. In In Trustworthy Global Computing, International Symposium, TGC 2005, pages 195--229. Springer, 2005. Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. M. S. Miller, B. Tulloh, and J. S. Shapiro. The structure of authority: Why security is not a separable concern. In Proceedings of the Second International Conference on Multiparadigm Programming in Mozart/Oz, MOZ'04, pages 2--20, Berlin, Heidelberg, 2005. Springer-Verlag. Google ScholarGoogle ScholarDigital LibraryDigital Library
  21. Sweet.js. http://http://sweetjs.org/, accessed June 2014.Google ScholarGoogle Scholar
  22. Global scope reachable via this. http://code.google.com/p /google-caja/wiki/GlobalScopeViaThis, accessed June 2014.Google ScholarGoogle Scholar
  23. S. Tobin-Hochstadt and D. Van Horn. Higher-order symbolic execution via contracts. SIGPLAN Not., 47(10):537--554, Oct. 2012. Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. G. van Rossum and F. Drake. Python Reference Manual. PythonLabs, Virginia, USA, 2001. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Dynamic detection of object capability violations through model checking

    Recommendations

    Comments

    Login options

    Check if you have access through your login credentials or your institution to get full access on this article.

    Sign in

    Full Access

    • Published in

      cover image ACM SIGPLAN Notices
      ACM SIGPLAN Notices  Volume 50, Issue 2
      DLS '14
      February 2015
      146 pages
      ISSN:0362-1340
      EISSN:1558-1160
      DOI:10.1145/2775052
      • Editor:
      • Andy Gill
      Issue’s Table of Contents
      • cover image ACM Conferences
        DLS '14: Proceedings of the 10th ACM Symposium on Dynamic languages
        October 2014
        160 pages
        ISBN:9781450332118
        DOI:10.1145/2661088

      Copyright © 2014 ACM

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 14 October 2014

      Check for updates

      Qualifiers

      • research-article

    PDF Format

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader
    About Cookies On This Site

    We use cookies to ensure that we give you the best experience on our website.

    Learn more

    Got it!