Toward Resilient Secure Multiparty Web Apps

Toward Resilient Secure Multiparty Web Apps. A lightning talk presented at Angular Seattle https://www.meetup.com/Angular-Seattle/events/263230476/

The video will be available later on YouTube https://www.youtube.com/channel/UCsp19MwcW-g3yOLBdO5LbSg

Updated with ES Membranes: Aug 7, 2019

clive boulton

July 30, 2019

Transcript

  1. A shift is underway from Web 2.0 to Web 3.0

    My focus is moving business & industry control systems toward resilient secure multiparty apps, solving computer insecurity with a robust user experience underpinned by blockchain technologies. From a deep engineering background in signals, supply chain, enterprise software application design and product development, research in SaaS/ERP, architect in Hyperledger cloud/web projects. https://cliveboulton.com/
  2. Frozen and Observable ES Membrane helps app safety. Salesforce has already implemented an ES SES shim to secure multiparty declarative mobile apps on Salesforce Blockchain.
    Zelle® has partnered with leading banks and credit unions across the U.S. to bring you a fast, safe and easy way to send money to friends and family. Money moves quickly, directly from bank account to bank account.
  3. Sesify - Browserify Plugin for Secure EcmaScript. Sesify is a browserify plugin for generating app bundles where modules are defined in SES containers. It aims to reduce the risk of "supply-chain attacks", malicious code in the app dependency graph. It attempts to reduce this risk in three ways:
    1. Prevent modifying JavaScript's primordials (Object, String, Number, Array, ...)
    2. Limit access to the platform API (window, document, XHR, etc.)
    3. Prevent overwriting a module's exports
    1 and 2 are provided by the SES container. Platform access can be passed in via configuration. https://github.com/MetaMask/sesify
  4. Demo SES (was Dr. SES): https://rawgit.com/Agoric/SES/master/demo/
    Mark S. Miller is an American computer scientist. He is known for his work as one of the participants in the 1979 hypertext project known as Project Xanadu; for inventing Miller columns; as the co-creator of the Agoric Paradigm of market-based distributed secure computing; and the open-source coordinator of the E programming language. He also designed the Caja programming language. Miller earned a BS in computer science from Yale in 1980 and published his Johns Hopkins PhD thesis in 2006. Previously Chief Architect with the Virus-Safe Computing Initiative at HP Labs, he is now a research scientist at Google and a member of the ECMAScript (JavaScript) committee.
  5. Object-capabilities (OCap): https://github.com/Agoric/Jessie
    Secure EcmaScript (SES) is a frozen environment for running EcmaScript (JavaScript) 'strict' mode programs with no ambient authority in their global scope, and with the addition of a safe two-argument evaluator (SES.confine(code, endowments)). By freezing everything accessible from the global scope, it removes programs' abilities to interfere with each other, and thus enables isolated evaluation of arbitrary code.
  6. Online Banking (diagram labels: On-premises, Cloud-based, Exchange)
    Conventional wisdom: lift and load, iterate toward microservices, lots of complex DevOps, monitoring, engineering.
    Blockchain wisdom: leave alone, extract data (ETL), leverage frameworks and consensus. Get business online without boiling the ocean.
  7. Exfiltration of PII by "flaws":
    Tab 1. Open encrypted email.
    Tab 2. Watch a movie; it triggers a malicious advertisement in Tab 3.
    When the encrypted email is decrypted, Tab 3 learns information about the user's secret key (from the cache).
  8. The es-membrane approach (diagram; labels only): Membrane; ProxyMapping objects; WeakMap; "wet" object graph (object); "dry" object graph (proxy, shadow, revoke); other; originField.
  9. How does an ES Membrane work?
    • One object graph starts with "wet" objects.
    • The "dry" graph has Proxy objects that refer to matching "wet" objects through a WeakMap.
      ◦ "Dry" user-created objects are wrapped as Proxies in the "wet" graph.
    • Proxies create new proxies when necessary to keep "wet" and "dry" separate.
  10. Rust / ParityTech / Substrate / WASM / Truffle ... https://truffleframework.com/ Trufflecon 19, Redmond, Aug 1, 2, 3
  11. Summary
    • Shift to online banking already underway: Zelle payments app by big banks.
    • Shift to secure web apps in major clouds: Salesforce shipped Lightning to 5 million mobile devs.
    • Shift toward extreme modularity, frameworks moving to shared libraries, brings new security issues, requiring verification and a new approach.
    • Standards driving verification of smart contracts (EcmaScript > JavaScript), i.e. stop exfiltration in the browser; adoption of WebAssembly.
    • Keep an eye on top people (Miller/Kumavis/Cunningham).
  12. Q&A. Contact me: clive dot boulton @ gmail dot com, https://cliveboulton.com, https://twitter.com/iC. Thank you!