bitbashing

Sun, 12 Oct 2008

Interesting W3C Workshop - Security for Access to Device APIs

Thomas Roessler posted a call for papers for a W3C workshop on secure device access for web applications:

As the Web becomes a ubiquitous development platform, application developers need to get access to the features available on the computers or devices on which their Web application (through a browser or through a widget) is running.

With the emergence of the Web as a compelling alternative to locally installed applications, security issues are an increasing obstacle for realizing the full potential of the Web, in particular when Web applications developers need to get access to features not traditionally available in the browsing environment: cameras, GPS systems, connectivity and battery levels, external applications launch, access to personal data (e.g. calendar or addressbook), etc.

The goal of this workshop is to bring together people from a wide variety of backgrounds (API designers, security experts, usability experts, ...) to discuss the security challenges involved in allowing Web applications and widgets to access the APIs that allow control of these features, and to advise the W3C on appropriate next steps for any gap that needs to be addressed with new technical work.

I can think of a couple of ways web applications can currently touch the system. One is Flash, but that is overkill in many cases and locks you into a proprietary language and runtime. ActiveX is a far worse alternative. As I understand it, ActiveX checks for a valid code-signing certificate and signature, then loads and runs a native dynamic library in an environment with a great deal of ambient authority - in many cases full Administrator authority over the machine. A signature establishes who wrote the control, not what it is safe for the control to do: even if vendors and code are carefully vetted, and every private key is carefully guarded, a single bug in a legitimately signed control can give untrusted script a path to arbitrary code execution - and in practice it does, quite commonly. Even Microsoft has concluded that the ActiveX security model does not work, and IE7 disables previously unused controls by default (about a decade late, but I suppose better than never).

The web browser as a platform is growing the way operating systems did: initially single-user with very simple access controls and resource partitioning, then growing in complexity as additional demands are placed on the design and mutually untrusting parties start to interact (though one could certainly argue that has always been the case on the web, long before JavaScript). Caja looks like a major advance along these lines: that the browser platform's primary language, JavaScript, can be tamed into an object-capability language seems to be the result of both careful design by Brendan Eich and quite a bit of luck. Perhaps this property of JavaScript can be leveraged further, combining the lessons of capability-based platform APIs like those of KeyKOS and Coyotos with those of object-capability languages, so that native device access is handed out as specific, attenuated, revocable references instead of the ambient authority that makes the worst abuses possible on many existing platforms.
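To make the object-capability idea concrete, here is an added example in plain JavaScript; it is not part of the original post and is not Caja's own code. It assumes a hypothetical native camera object that the host would expose (constructed here so the example runs offline) and shows the two patterns an ocap device API rests on: attenuation (untrusted code gets a facet with only the permitted operations, never the device itself) and revocation (the grant can be withdrawn later without the holder being able to retain a direct reference).

```javascript
"use strict";

// Constructed stand-in for a privileged native device exposed by the host.
// It records what was asked of it so we can see what untrusted code reached.
function makeNativeCamera() {
  const log = [];
  return Object.freeze({
    snapshot() { log.push("snapshot"); return "jpeg-bytes"; },
    setResolution(w, h) { log.push(`setResolution(${w}x${h})`); },
    uploadTo(url) { log.push(`uploadTo(${url})`); }, // the operation we never want to grant
    log,
  });
}

// Attenuation: a frozen facet that forwards only the listed methods.
// The forwarders close over `device`; nothing on the facet refers back to it.
function attenuate(device, allowedMethods) {
  const facet = {};
  for (const name of allowedMethods) {
    facet[name] = (...args) => device[name](...args);
  }
  return Object.freeze(facet);
}

// Revocation ("caretaker" pattern): a forwarding proxy plus a revoke switch.
// Once revoked, every access through the caretaker fails, and the holder
// never had anything but the caretaker to hold on to.
function makeRevocable(target) {
  let current = target;
  const caretaker = new Proxy({}, {
    get(_, prop) {
      if (current === null) throw new Error("capability revoked");
      const value = current[prop];
      return typeof value === "function" ? value.bind(current) : value;
    },
  });
  return { caretaker, revoke() { current = null; } };
}

// Simulated untrusted widget: it receives only the capability it was granted.
function untrustedWidget(camera) {
  return {
    snapshot: camera.snapshot(),                           // permitted
    hasUpload: typeof camera.uploadTo === "function",      // false: not on the facet
    canReachLog: camera.log !== undefined,                 // false: device state is unreachable
  };
}

// Grant a read-only camera capability, use it, revoke it, try again.
function demo() {
  const device = makeNativeCamera();
  const readOnly = attenuate(device, ["snapshot"]);
  const { caretaker, revoke } = makeRevocable(readOnly);

  const first = untrustedWidget(caretaker);
  revoke();
  let afterRevoke;
  try {
    untrustedWidget(caretaker);
    afterRevoke = "still works";
  } catch (e) {
    afterRevoke = e.message;
  }
  return { first, afterRevoke, deviceLog: device.log.slice() };
}
```

The device's log ends up containing only the single snapshot call, and the widget cannot discover `uploadTo` or the log through the reference it was handed. In a real browser the host would still have to remove the ambient globals through which script could reach the device some other way; that taming of the language itself is the part Caja does, and it is what makes a pattern like this meaningful rather than decorative.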

I am looking forward to seeing the proceedings! The program committee has a bunch of interesting people on it, so this should be good.

(2008-10-14 edit: s/DirectX/ActiveX/g)

posted 2008/10/12 14:25 [category: bitbashing / security]
