The Security History of the WebKit Browser Engine


UNIVERSITAS SCIENTIARUM SZEGEDIENSIS

UNIVERSITY OF SZEGED

Department of Software Engineering

The Security History of the WebKit Browser Engine

Renáta Hodován


Outline

• Motivation

• Background

• Analyzing the statistics

• Future work

Jun 29, 2012

WebKit

• Web browser engine

• Powers several desktop browsers...

■ Apple Safari

■ Google Chrome

■ etc.

• … and mobile platforms

■ iPhone

■ Android

■ MeeGo


WebKit

• Open-source project

• Bugs and feature requests are logged in a public Bugzilla

• Three types of bugs:

■ WebKit

■ Inspector

■ Security


Security Bugs

• Officially: not publicly accessible

• In practice: the fixed bugs are deducible

■ Not violating any rules

■ Publishing the method would still be unethical

■ Presenting the statistical summary is permitted


All Committed Revisions


Committed Security Bug Fixes


Code Size Over Time


Changed Lines in Security Revisions


CVE

• Common Vulnerabilities and Exposures

• Provides a reference method for publicly known information-security vulnerabilities

• Maintained by the MITRE Corporation

• Easy to filter for a target product

• Contains entries about WebKit from 2007 onward


WebKit CVEs


Aging of Software


Summary

• Given a relatively big database of security bugs (~1000 entries)

• Relation between:

■ Speed of development

■ The size or complexity of the code

■ The number of security fixes needed

• The observed trends are alarming
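The charts on the "Committed Security Bug Fixes", "Code Size Over Time", "Changed Lines in Security Revisions" and "WebKit CVEs" slides, and the relation stated in this summary, come down to a few per-year aggregates. The Python below is an added example, not the presentation's own tooling and not WebKit's real history: it computes those aggregates from a constructed revision log in which the security flag is assumed to be already known (the deck deliberately does not publish how fixed security bugs were deduced), and from a constructed CVE export whose -0000 sequence numbers are placeholders rather than real identifiers.

```python
"""Per-year security-history aggregates from constructed sample data.

Added example, not the presentation's tooling and not WebKit's history.
The security flag in the log is assumed to be already known; the CVE
export uses placeholder -0000 sequence numbers."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Revision:
    rev: int
    date: str       # YYYY-MM-DD
    added: int      # lines added by the commit
    removed: int    # lines removed by the commit
    security: bool  # True when the commit is a known security fix


# Constructed revision log: "rNNN|date|+added|-removed|flags".
SAMPLE_LOG = """\
r1001|2009-03-02|+120|-15|
r1002|2009-06-11|+40|-38|security
r1003|2009-11-20|+900|-10|
r1004|2010-02-05|+35|-30|security
r1005|2010-07-19|+1500|-200|
r1006|2010-09-01|+60|-45|security
r1007|2010-12-12|+12|-4|security
r1008|2011-01-23|+2200|-300|
r1009|2011-05-30|+18|-18|security
r1010|2011-08-14|+75|-60|security
r1011|2011-11-02|+9|-3|security
"""

LOG_RE = re.compile(r"^r(\d+)\|(\d{4}-\d{2}-\d{2})\|\+(\d+)\|-(\d+)\|(.*)$")


def parse_log(text):
    """Parse the constructed log format; reject malformed lines loudly."""
    revisions = []
    for line in text.splitlines():
        match = LOG_RE.match(line.strip())
        if not match:
            raise ValueError(f"malformed log line: {line!r}")
        rev, date, added, removed, flags = match.groups()
        revisions.append(Revision(int(rev), date, int(added), int(removed),
                                  "security" in flags.split(",")))
    return revisions


def yearly_metrics(revisions, initial_loc):
    """Per year: revisions, security fixes, lines changed in security
    revisions, code size (lines) at year end, and fixes per KLOC."""
    years = defaultdict(lambda: {"revisions": 0, "security_fixes": 0,
                                 "security_changed_lines": 0, "loc_end": 0})
    loc = initial_loc
    for r in sorted(revisions, key=lambda r: (r.date, r.rev)):
        loc += r.added - r.removed  # running code size
        m = years[int(r.date[:4])]
        m["revisions"] += 1
        if r.security:
            m["security_fixes"] += 1
            m["security_changed_lines"] += r.added + r.removed
        m["loc_end"] = loc
    for m in years.values():
        m["fixes_per_kloc"] = round(m["security_fixes"] / (m["loc_end"] / 1000), 3)
    return dict(sorted(years.items()))


# Constructed CVE export in "ID,description" shape (placeholder IDs).
SAMPLE_CVES = """\
CVE-2008-0000,Use-after-free in the WebKit rendering engine
CVE-2009-0000,Memory corruption in WebKit as used in Safari
CVE-2010-0000,Heap-based buffer overflow in WebKit SVG handling
CVE-2011-0000,SQL injection in an unrelated web application
CVE-2012-0000,Address bar spoofing in Safari
"""

CVE_RE = re.compile(r"^CVE-(\d{4})-\d{4,},(.*)$")


def cves_per_year(text, keywords=("webkit",)):
    """Count entries whose description mentions any keyword, keyed by the year
    in the CVE ID. Keyword matching is a heuristic: an entry naming only the
    shipping product (here "Safari") is missed unless that keyword is added."""
    counts = defaultdict(int)
    for line in text.splitlines():
        match = CVE_RE.match(line.strip())
        if not match:
            raise ValueError(f"malformed CVE line: {line!r}")
        year, description = match.groups()
        if any(k in description.lower() for k in keywords):
            counts[int(year)] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    for year, m in yearly_metrics(parse_log(SAMPLE_LOG), 10_000).items():
        print(year, m)
    print("webkit:", cves_per_year(SAMPLE_CVES))
    print("webkit+safari:", cves_per_year(SAMPLE_CVES, ("webkit", "safari")))
```

Normalizing the fix count by code size (fixes per KLOC) separates growth in security fixes from growth of the code base, which is the relation the summary points at. The second `cves_per_year` call shows why description filtering needs care: the same engine bug is often described only by the product that ships it, so a single keyword undercounts.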


Future work

• Further analysis of the database

■ Looking for “bad smells”

• Defining “attack surface” for web browsers

• Applying these metrics to different browsers or revisions

• Sandboxing

■ SUID


Thank you for your attention!


Acknowledgement

The publication/presentation is supported by the European Union and co-funded by the European Social Fund.

Project title: “Broadening the knowledge base and supporting the long term professional sustainability of the Research University Centre of Excellence at the University of Szeged by ensuring the rising generation of excellent
