![Page 1: Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense](https://reader035.vdocuments.mx/reader035/viewer/2022081513/56816137550346895dd0949a/html5/thumbnails/1.jpg)
Cross-Origin JavaScript Capability Leaks: Detection, Exploitation and Defense
By Adam Barth, Joel Weinberger and Dawn Song
Overview
Current JavaScript Security Model
Cross-Origin JavaScript Capability Leaks
Capability Leak Detection
Browser Defense Mechanism
The DOM and Access Control
The DOM and Access Control
The JS Engine and Capabilities
DOM vs JS Engine
The DOM provides an access control layer
The JavaScript engine treats objects as capabilities
Overview
Current JavaScript Security Model
Cross-Origin JavaScript Capability Leaks
Capability Leak Detection
Browser Defense Mechanism
Cross-Context References
Cross-Context References
DOM meets JS Engine
DOM meets JS Engine
Overview
Current JavaScript Security Model
Cross-Origin JavaScript Capability Leaks
Capability Leak Detection
Browser Defense Mechanism
JavaScript Heap Inspection
Instrumentation
In the JavaScript engine object system
Object creation, destruction and reference
Calls into analysis library
Computing JavaScript Contexts
Overview
Current JavaScript Security Model
Cross-Origin JavaScript Capability Leaks
Capability Leak Detection
Browser Defense Mechanism
Access Control Checks
Conclusion
Heap graph analysis can be used to find vulnerabilities in web browsers
Web browsers can provide a mechanism to eliminate these vulnerabilities
Heap Graph Tool and Access Control Prototype for WebKit: