thiago marcos p. santos intel...

Report

Post on 04-Jul-2020

4 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Hardening WebKit2

Thiago Marcos P. SantosIntel Corporation

2

example.com

Images source: Wikimedia.org

3

example.com

Images source: Wikimedia.org

4

example.com

Images source: Wikimedia.org

5

Trademarks and logos belong to their respective owners.Images source: Wikimedia.org

6

Trademarks and logos belong to their respective owners.

Web

Kit2

7

Trademarks and logos belong to their respective owners.

Linux

8

Trademarks and logos belong to their respective owners.

Tizen

9

Images source: Wikimedia.org

UIProcess WebProcess

IPC

10

UIProcess

WebProcess

IPC

Images source: Wikimedia.org

11

UIProcess

WebProcess

NetworkProcess

IPC IPC

Images source: Wikimedia.org

12

WebProcess

Trademarks and logos belong to their respective owners.Images source: Wikimedia.org

13

WebProcess

Trademarks and logos belong to their respective owners.Images source: Wikimedia.org

14

WebProcess

Trademarks and logos belong to their respective owners.Images source: Wikimedia.org

15

WebProcess

Trademarks and logos belong to their respective owners.

BrokerProcess

IPC

$HOME/.browser/example.com/* (rw)$HOME/.browser/defaults.conf (r)/usr/share/fonts/* (r)/* (not allowed)Images source: Wikimedia.org

16

Seccomp Filters

● Linux Kernel 3.5● Ubuntu 12.04● Whitelist syscalls● Blacklist syscalls● Trap syscalls and inspect its parameters● Make it possible to emulate a syscall● ~370 syscalls: libseccomp for the rescue

17

// Load seccomp filters // Load website

fd = open(path) write(fd, data) // IO close(fd) unlink(path) free(pointer)

WebProcess

Trademarks and logos belong to their respective owners.

// Receive serialized // syscalls

// Execute if allowed

// Send back results

BrokerProcess

IPC

Images source: Wikimedia.org

18

Additional information

● Performance implications● open() ~28x slower● 15.000 open()'s in ~590ms

● Source code# ls Source/WebKit2/Shared/linux/SeccompFilters/*

● How to build# ./Tools/Scripts/build-webkit --efl -2 --seccomp-filters

● Documentationhttp://tinyurl.com/seccompwk2

Questions?

21

UIProcess WebProcess

IPC

Web

Kit

Trademarks and logos belong to their respective owners.Images source: Wikimedia.org

22

UIProcess WebProcess

IPC

Chrom

ium

Trademarks and logos belong to their respective owners.

VirtualPlatform

Images source: Wikimedia.org

23

UIProcess WebProcess

IPC

Trademarks and logos belong to their respective owners.Images source: Wikimedia.org

Web

Kit

24

UIProcess WebProcess

IPC

Trademarks and logos belong to their respective owners.Images source: Wikimedia.org

Chrom

ium

top related

tese thiago
Documents
elipses thiago
Travel
03 empregabilidade - marcos haniu.ppt [modo …...01 micro...
Documents
thiago 902
Education
projeto interpares 3 - siarq.unicamp.br · danielle thiago...
Documents
thiago maihara
Documents
fratura da extremidade proximal da tíbia após …...
Documents
thiago 2011
Documents
miguilim, thiago e a estrada miguilim, thiago and the …
Documents
henrique castriciano em martins (manoel onofre...
Documents
capÍtulo 1 grupo 7: bruna paixão larissa ludmila marcos...
Documents
thiago augusto
Documents
prof. thiago cristófoli química prof. thiago cristófoli...
Documents
thiago rufino
Documents
marcos thiago gaudio gomes caracterizaÇÃo...
Documents
soa e web services aluno: thiago caproni tavares orientador:...
Documents
prof. thiago cristófoli química prof. thiago cristófoli...
Documents
thiago piccinini e thiago carvalho
Documents
thiago constÂncio ribeiro pereira - ufjf.br · agradeço...
Documents
thiago andrade
Documents