linerbag.blogg.se - Multilibrary chart laravel

ﬁne-grained read-write-execute permissions (RWX) that guard It also uses import everywhere, for both Node’s require and ES6’s import.

achieved earlier in the supply chain, for actively-malicious Speciﬁcation MIR’s permission model allows specifying 1This paper uses the terms library, module, and package interchangeably. ing, MIR minimizes the effects of dynamic compromise- Such dynamic compromise-as opposed to compromise regardless of the behavior exercised by a library and its clients. Coupling default-deny runtime to compromise the entire application-or worse, the semantics with explicit and statically-inferrable whitelist- broader system on which the application is executing. MIR’s key insight is that libraries created and authored with the best possible intentions-i.e., cannot be subverted at runtime to exploit functionality to are not actively malicious-their privilege can be exploited at which they do not already have access. Even when libraries are compatible fashion (Fig.1). Such reliance has led to an explosion of at- To address dynamic compromise, MIR augments a module tacks : overprivileged code in imported system with a model for specifying, enforcing, inferring, and libraries provides an attack vector that is exploitable long quantifying the privilege available to libraries in a backward- after libraries reach their end-users. For example, only the client of a de- 1 Introduction serialization library knows whether it will be fed non-sanitizedĪrXiv:2011.00253v1 input coming directly from the network the library’s devel- Modern software development relies heavily on third-party opers cannot make such assumptions about its use. use covers a much larger space, typically understood by the library’s clients. A library’s intended use is a small space well- usable in practice (1.93% overhead), and it enables a novel understood by its developers, but unexpected or pathological quantiﬁcation of privilege reduction. Default-allow semantics give any library demonstrates that the RWX permission model combines sim- unrestricted access to all of the features in a programming plicity with power: it is simple enough to automatically infer language-e.g., accessing global variables, introspecting and 99.33% of required permissions, it is expressive enough to rewriting core functionality, and even importing other li- defend against 16 real threats, it is efﬁcient enough to be braries. Ap- fraction of this functionality may be used by any one par- plied to 50 popular libraries, MIR’s prototype for JavaScript ticular client.

ers, MIR’s permission inference generates default permissions Libraries offer a great deal of functionality, but only a small by analyzing how libraries are used by their consumers.

As permissions can overwhelm develop- libraries-is possible due to several compounding factors. gram execution, MIR transforms libraries and their context to add runtime checks. To enforce these permissions during pro- runtime in order to (quantiﬁably) lower the privielge of these libraries over the rest of the application and its surrounding environment. It then enforces these permissions at importing libraries. MIR analyzes individual libraries, many of which may by a set of permissions, which developers can express when be subvertible, to generate permissions. Every ﬁeld of an imported library is governed Fig. R MIR addresses this problem by introducing a ﬁne-grained read-write-execute (RWX) permission model at the boundaries Vanilla Application MIR-Augmented Application This addi- 8/27 1/12 tional privilege is often exploited at runtime via dynamic com- R 1/3 promise, even when these libraries are not actively malicious. However, they often execute with signiﬁcantly 5/6 more privilege than needed to complete their task. Nikos Vasilakis Cristian-Alexandru Staicu† Greg Ntousakis◦ Konstantinos Kallas‡ Ben Karel André DeHon‡ Michael Pradel†† MIT, CSAIL †TU Darmstadt & CISPA ◦TU Crete ‡University of Pennsylvania Zarno Labs ††University of StuttgartĪbstract … : RW static W … : W analysis … : X Third-party libraries ease the development of large-scale soft- … : RX R 2/9 … W ware systems. MIR: Automated Quantiﬁable Privilege Reduction Against Dynamic Library Compromise in JavaScript RWX Permission Model for Node.Js Packages