As it normally happens in computer science, when some kind of process is too error-prone



Download 0,71 Mb.
Pdf ko'rish
bet14/17
Sana17.07.2022
Hajmi0,71 Mb.
#811187
1   ...   9   10   11   12   13   14   15   16   17
Bog'liq
1-s2.0-S2352220816301055-main

8. Perspective and recommendations
Machine Translated by Google


M. Bugliesi et al. / Journal of Logical and Algebraic Methods in Programming 87 (2017) 110–126
123
ÿ
The web platform includes different interacting components, such as browsers and servers, each of which can be fur ther split
into smaller sub-components. For instance, browsers include a JavaScript engine, an HTML parser and a cookie jar; servers, instead,
include databases and web pages developed using different programming languages. Unfortunately, end-to-end security guarantees
for the web platform often require all the sub-components to behave correctly and each sub-component is already a very complex
system to verify on its own. Also, end-to-end security requires the presence of secure communication channels between secure
communicating components.
1. comprehensiveness: understanding what is relevant for security and what is not extremely hard for the Web, given its size and
complexity. In particular, while models are useful for attack finding even when incomplete, security proofs of defensive
mechanisms need a good understanding and a faithful representation of the entire web platform to be trusted. Formal models
should thus provide very accurate descriptions of the web technologies they target: apparently irrelevant aspects should be
abstracted by the adoption of suitable formal techniques, eg, abstract interpretation, rather than just dropped altogether from
the model;
In this survey, we mentioned many formal models of existing web technologies, including operational semantics for JavaScript
(Section
4.2),
browser models (Section
5.2)
and models of the web platform (Section 7). Based on existing work, we identify two
main desiderata for future proposals:
There is often a tension between what security researchers propose and what security practitioners desire. For instance, a fully
abstract compiler from the ML-like language F to JavaScript (Section
4.1.1)
is definitely an interesting idea and an impressive
research effort. However, follow-up work by the same research group
recognized that “this is an attractive design, but the sad truth is that millions of JavaScript programmers are unlikely to switch to
ML” [83]. The follow-up paper thus proposes the TS language (Section
4.1.3),
featuring a programming paradigm much nearer to
the customs of JavaScript
2. mechanisation and tool support: pen-and-papers models are certainly useful as a starting point for the formal analysis of web
security mechanisms, but they should eventually be replaced by mechanized models expressed in some program ming
language, for at least two reasons . First, web standards are dynamic and subject to frequent changes, and it is important to
keep formal models in sync with them; structuring these models in a programming language simplifies maintainability. Second,
given the size of accurate web models, tool support is crucial to give trust in the correctness of formal proofs and helpful to
automatically find attacks.
users.
It is unrealistic to believe that only one formal model can fully accommodate all the complexity of the web platform and its
interactions, while being tractable for formal proofs. Indeed, security researchers have split their efforts along the many research
lines discussed in this work to get an in-depth understanding of individual web components and tackle their problems in isolation.
Combining these efforts is a major challenge and requires modular reasoning techniques. Modular reasoning is common in language-
based security, most notably security type systems, and it allows one to prove the security of a system by building security proofs of
its sub-components. Bringing modular reasoning to the Web is an important research direction.
At the time of writing, it seems these two requirements are particularly followed by researchers working on JavaScript semantics.
Browser models and models of the web platform, instead, typically sacrifice at least one of these two points.
In general, we observe that even proposals which embrace a “security by construction” approach should be very careful in their
design. It is true that these proposals are ultimately targeted at the development of new web applications and technologies, without
being necessarily easy to retrofit on the existing Web. However, as a matter of fact, one can change a programming pattern, but not
the technological background and the mindset of millions of web developers. To enable a large scale adoption, novel abstractions
for secure web programming should speak the same language of web developers (and browser vendors, if any change to current
web browsers was needed for their deployment).

Download 0,71 Mb.

Do'stlaringiz bilan baham:
1   ...   9   10   11   12   13   14   15   16   17




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish