[Ur] Ur's Browser Based Crypto Benefits?
Burton Samograd
burton at samograd.ca
Tue Dec 3 12:04:05 EST 2013
Hi,
Would Ur with it's native JS security features (protection from xss code injection, etc) help or eliminate any of the problems outlined in the following papers?
http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/
http://blog.cryptographyengineering.com/2012/12/the-anatomy-of-bad-idea.html
>From the Ur FAQ:
Which classes of security vulnerabilities are ruled out automatically?
All of the following are only true up to the lack of bugs in the compiler, but, with a correct compiler, you shouldn't need to worry about accidentally writing an application that's susceptible to any of them.
Buffer overflows should be impossible, as in all type-safe languages.
Vulnerabilities arising from automatic run-time interpretation of strings as code should be impossible. You won't get any interpretation of strings unless you write an interpreter yourself! All of the following have special static types that guarantee well-formedness: HTML, SQL, URLs, MIME types, CSS class names. A whitelist of allowable patterns may be specified in a central place for URLs and MIME types, making it impossible for applications to contain links via dangerous protocols or return file data with dangerous MIME types (like any kind of code that the browser might run). This simple no-interpretation principle rules out the first 3 of OWASP's Top 10 2007 vulnerabilities: cross site scripting, injection flaws, and malicious file execution.
Most kinds of cross site request forgery are impossible. Ur/Web detects which pages could both read cookies and cause side effects. Any request for such a page automatically contains a cryptographic signature of all cookies that might be read. Ur/Web currently doesn't support any kind of persistent client state besides cookies, so some fairly serious client-side acrobatics would be needed to circumvent the signature scheme.
--
Burton Samograd
More information about the Ur
mailing list