fearless cooperation - agoric · 2020. 12. 22. · fearless cooperation giving eval() to your worst...
TRANSCRIPT
![Page 1: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/1.jpg)
Fearless Cooperationgiving eval() to your worst enemy for fun and profit
Brian Warner, Agoric
Decentralized Web Summit 2018
![Page 2: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/2.jpg)
What is eval()?
A function that turns strings into behavior
![Page 3: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/3.jpg)
A Brief History of Web Browser(-like thing)s● 1978: VT100 terminal, ANSI X3.64
● 1990: HTML
● 1995: Javascript
image: Jason Scott, wikipedia
![Page 4: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/4.jpg)
Interaction vs Vulnerability
Ulysses and the Sirens, 1891, by John William Waterhouse
![Page 5: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/5.jpg)
User Agent mediates interaction
● Browser is an arena in which programs do battle
● Server sends a program to the client
● Client runs the program with limited access to local resources
● Browser manages the interaction
Pollice Verso, 1872, by Jean-Léon Gérôme,
![Page 6: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/6.jpg)
Three's a Party● Client/server is only 2 parties● Things become more interesting with 3 or more● We need richer forms of interaction: not just us-vs-them● Safe cooperation between mutually-suspicious programs
StorageServer
ApplicationProvider
Social Feed Publisher
Search Provider
LocalUser Agent
![Page 7: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/7.jpg)
eval() turns strings into behavior
Great:
Not so great:
![Page 8: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/8.jpg)
Two-Argument Safe eval()
endowments
Blocked! :
-> ReferenceError
![Page 9: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/9.jpg)
Shared Mutable Primordials are Vulnerable
Modify what Array does
![Page 10: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/10.jpg)
SES: Secure ECMAScript● https://github.com/Agoric/SES● Works in web and Node.js● Creates a "Realm" with frozen primordials and safe two-argument eval()● Provides an Object-Capability -safe environment with Minimal overhead● Still in development but go ahead and play with it today● Online demo of confined execution
![Page 11: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/11.jpg)
Primal RealmPrimal Realm
SESHTTP
LocalStorage
protectivewrapper
evaluatedcode
Attenuator
![Page 12: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/12.jpg)
SES in action
safe eval() from inside
create SES environment
freeze return values
safe eval() from outside
![Page 13: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/13.jpg)
https://github.com/Agoric/TinySES
![Page 14: Fearless Cooperation - Agoric · 2020. 12. 22. · Fearless Cooperation giving eval() to your worst enemy for fun and profit Brian Warner, Agoric Decentralized Web Summit 2018](https://reader036.vdocuments.net/reader036/viewer/2022081411/60a8ba240313a74b751fb453/html5/thumbnails/14.jpg)
ConclusionsSES.confine(sirenSong, { enjoyMusic: function(..), //drownYourself: function(..) });
https://github.com/Agoric/SES