次世代プラットフォームのセキュリティモデル考察

Transcript

1. ࣍ੈ୅ϓϥοτϑΥʔϜͷηΩϡϦςΟϞσϧߟ࡯ʢޙฤʣ גࣜձࣾϦΫϧʔτςΫϊϩδʔζ αΠόʔηΩϡϦςΟΤϯδχΞϦϯά෦ ੢ଜ फߊ

2. ੢ଜ फߊʢʹ͠ΉͶ͋ʣ גࣜձࣾϦΫϧʔτςΫϊϩδʔζ αΠόʔηΩϡϦςΟΤϯδχΞϦϯά෦ ࠃ಺ܞଳి࿩ϝʔΧʔͰͷίϯαϧςΟϯάͳͲΛ ܦͯɺ೥݄ΑΓݱ৬ɻϦΫϧʔτͷ*%؅ཧج ൫ͷηΩϡϦςΟอक΍ϦΫϧʔτάϧʔϓશମͷ ੬ऑੑमਖ਼ࢧԉʹܞΘΔɻझຯ͸ϒϥ΢βͷ੬ऑੑ ୳͠ɻஶॻʹϒϥ΢βϋοΫʢ؂༁ʣɻߨԋྺʹ 8PP:VO

   8IJUF)BU'FTU  ɺ $0%& #-6& ɺ "750,:0 ͳͲ

3. લ൒ͷߨٛ͸ɺ͸͕ͤΘΑ͏͚͢͞ΜͷࢿྉΛࢀর http://www.slideshare.net/hasegawayosuke/ss-64924759

4. 8FCͱ/BUJWFΞϓϦΛͭͳ͙ٕज़

5. ϞόΠϧ8FC
   /BUJWFΞϓϦ ˓ )5.-Ͱϫϯιʔε։ൃ ☓ 04͝ͱʹҟͳΔϓϩάϥϜݴޠͰ։ൃ ˓ 63-Λ։͚ͩ͘Ͱ࣮ߦ ☓ ࣮ߦʹ͸Πϯετʔϧ͕ඞཁ

   ☓ ར༻Ͱ͖Δ୺຤ͷػೳʹ੍ݶ ྫʣ௨࿩
   ϑΝΠϧૢ࡞ͳͲېࢭ ˓ ༷ʑͳ୺຤ͷػೳΛ࢖͑Δ ྫʣ֤छηϯαʔ
   /'$ͳͲར༻Մೳ ☓ ར༻Ͱ͖Δ௨৴ϓϩτίϧʹ੍ݶ ྫʣ)551
   8FC35$ͳͲʹݶఆ ˓ ೚ҙͷ௨৴ϓϩτίϧΛ࣮૷Մೳ ྫʣ44)
   *."1ͳͲجຊతʹࣗ༝ ϞόΠϧ8FC PS
   /BUJWFΞϓϦ

6. ϞόΠϧ8FC
   /BUJWFΞϓϦ ˓ )5.-Ͱϫϯιʔε։ൃ ☓ 04͝ͱʹҟͳΔϓϩάϥϜݴޠͰ։ൃ ˓ 63-Λ։͚ͩ͘Ͱ࣮ߦ ☓ ࣮ߦʹ͸Πϯετʔϧ͕ඞཁ

   ☓ ར༻Ͱ͖Δ୺຤ͷػೳʹ੍ݶ ྫʣ௨࿩
   ϑΝΠϧૢ࡞ͳͲېࢭ ˓ ༷ʑͳ୺຤ͷػೳΛ࢖͑Δ ྫʣ֤छηϯαʔ
   /'$ͳͲར༻Մೳ ☓ ར༻Ͱ͖Δ௨৴ϓϩτίϧʹ੍ݶ ྫʣ)551
   8FC35$ͳͲʹݶఆ ˓ ೚ҙͷ௨৴ϓϩτίϧΛ࣮૷Մೳ ྫʣ44)
   *."1ͳͲجຊతʹࣗ༝ ϞόΠϧ8FC PS
   /BUJWFΞϓϦ /BUJWFΞϓϦ͸Ϛϧν1'ల։ͱ ϢʔβʔϦʔνʹ՝୊ ϞόΠϧ8FC͸ػೳෆ଍͕՝୊

7. 8FCͷػೳෆ଍Λิ͏ٕज़ • +BWB4DSJQU +4 ͱ/BUJWFͷϓϩάϥϜΛ૬ޓʹͭͳ͙࢓૊Έͷొ৔ • 8FCʹ଍Γͳ͍ػೳ͸/BUJWFݴޠͰ࣮૷ͯ͠+4͔Βݺͼग़͢ J04ΞϓϦ 8,8FC7JFX /BUJWFͷؔ਺Λݺͼग़͢

   ࣮ߦ݁ՌΛ+4ʹ௨஌͢Δ

8. +4
   à /BUJWF BEE+BWBTDSJQU*OUFSGBDF "OESPJE 8,4DSJQU.FTTBHF)BOEMFS J04 QSPNQU "OESPJE J04 /BUJWF
   à

   +4 FWBMVBUF+BWB4DSJQU "OESPJE
   J04 8,6TFS4DSJQU J04 +4ͱ/BUJWFΛͭͳ͙ํ๏ʢҰྫʣ

9. BEE+BWBTDSJQU*OUFSGBDF "OESPJE webview.addJavascriptInterface(new MyClass(), "myclass"); +BWB • .Z$MBTTΠϯελϯεΛNZDMBTTͱ͍͏໊લͰ+4͔Βૢ࡞Ͱ͖ΔΑ͏ઃఆ myclass.func("Hello from

   JS"); +4 • NZDMBTTΦϒδΣΫτΛհͯ͠+BWBͷ.Z$MBTTΠϯελϯεΛૢ࡞

10. 8,4DSJQU.FTTBHF)BOEMFS J04 • NZ)BOEMFSͱ͍͏໊લͰ+4͔ΒϝοηʔδΛड͚ΒΕΔΑ͏ઃఆ controller.addScriptMessageHandler(self, name: "myHandler") 4XJGU func userContentController(userContentController:WKUserContentController,

    didReceiveScriptMessage message: WKScriptMessage) { // ToDo } 4XJGU • +4͔ΒͷϝοηʔδΛड৴͢ΔͨΊͷϋϯυϥؔ਺Λఆٛ webkit.messageHandlers.myHandler.postMessage("Hello from JS "); +4 • +4͔Β4XJGU΁ϝοηʔδΛૹ৴

11. webview.setWebChromeClient(new WebChromeClient() { public boolean onJsPrompt(WebView view, String url, String

    message, String defaultValue, final JsPromptResult result) { // To Do }}); QSPNQU
    "OESPJE • +4ͷQSPNQUؔ਺ݺͼग़͠ΛϑοΫ͢ΔͨΊͷϋϯυϥΛఆٛ +BWB var result = prompt("Hello from JS"); +4 • +4ͰQSPNQUؔ਺Λݺͼग़͢ͱ্هͷPO+T1SPNQU͕࣮ߦ͞ΕΔ

12. func webView(webView: WKWebView, runJavaScriptTextInputPanelWithPrompt prompt: String, defaultText: String?, initiatedByFrame frame:

    WKFrameInfo, completionHandler: (String?) -> Void) { // ToDo } QSPNQU
    J04 • +4ͷQSPNQUؔ਺ݺͼग़͠ΛϑοΫ͢ΔͨΊͷEFMFHBUFΛఆٛ 4XJGU var result = prompt("Hello from JS"); +4 • +4ͰQSPNQUؔ਺Λݺͼग़͢ͱ্هͷEFMFHBUF͕࣮ߦ͞ΕΔ

13. FWBMVBUF+BWB4DSJQU "OESPJE
    J04 • จࣈྻΛ8FC7JFXʹ஫ೖ͠ɺ+4ͱ࣮ͯ͠ߦ String source = "alert('Hello from

    Java')"; webview.evaluateJavascript(source, null); +BWB let source = "alert('Hello from Swift')" webview.evaluateJavaScript(source, completionHandler: nil) 4XJGU

14. 8,6TFS4DSJQU J04 • ͋Β͔͡Ίొ࿥͓͍ͯͨ͠+4Λ8FCϖʔδͷભҠຖʹࣗಈ࣮ߦ let source = "alert('Hello from Swift')”

    let script = WKUserScript(source: source, injectionTime: .AtDocumentEnd, forMainFrameOnly: true) webview.configuration.userContentController.addUserScript(script) 4XJGU

15. ϒϥ΢βΞϓϦʹ͓͚Δ׆༻ࣄྫʢϖʔδ಺ݕࡧʣ /BUJWF͔Β+4Λ஫ೖͯ͠ จࣈΛϋΠϥΠτදࣔ https://github.com/mozilla/firefox-ios/blob/v4.x/Client/Frontend/Browser/FindInPageHelper.swift#L26

16. ϒϥ΢βΞϓϦʹ͓͚Δ׆༻ࣄྫʢ1BTTXPSE
    .BOBHFSʣ https://github.com/mozilla/firefox-ios/blob/v4.x/Client/Frontend/Browser/LoginsHelper.swift#L222 +4Λ஫ೖͯ͠GPSNʹ ύεϫʔυΛࣗಈೖྗ

17. 8FCͱ/BUJWFΞϓϦͷͭͳ͗ͷ෦෼ʹજΉ੬ऑੑ

18. ૝૾ͯ͠ΈΑ͏ • 1BTTXPSE
    .BOBHFS͕΋͠ޡͬͯҟͳΔαΠτʹύεϫʔυΛೖྗͨ͠Βʁ • ͜ͷΑ͏ͳޡΓ͸Ͳ͏ͯ͠ى͖ΔΜͩΖ͏ʁ ޡͬͯύεϫʔυΛࣗಈೖྗ

19. 8FCͱ/BUJWFͷͭͳ͗Ͱੜ͡Δͭͷ੬ऑੑ 0SJHJO 7BMJEBUJPO
    &SSPS /BUJWFͷػೳΛݺͼग़ͨ͠8FCαΠτͷΦϦδϯͷݕূෆඋɻ ຊདྷڐՄ͠ͳ͍8FCαΠτʹ/BUJWFͷػೳΛѱ༻͞ΕΔڪΕ 'SBNF
    $POGVTJPO JGSBNF಺ͷϖʔδ͔Βͷཁٻͱ਌XJOEPX͔Βͷཁٻͷࠞಉɻ 0SJHJO
    7BMJEBUJPO
    &SSPSͱಉ༷ͷඃ֐͕ੜ͡ΔڪΕ +BWB4DSJQU *OKFDUJPO

    ୈࡾऀ͔Β౉͞ΕͨจࣈྻΛ+4ͱͯ͠8FC7JFXʹ஫ೖɻ ѱҙͷ͋Δ+4Λ࣮ߦͤ͞ΒΕΔڪΕ ˞8FCαΠτ͕$41Ͱอޢ͞Ε͍ͯͯ΋+4͕࣮ߦ͞ΕΔ ˞

20. ԋश໰୊

21. ߈ܸର৅ͷΞϓϦʮ4FDVSF
    #PPLNBSLʯ • ར༻ऀͷϒοΫϚʔΫΛ҆શʹ؅ཧ͢ΔΞϓϦ • "OESPJE
    Ҏ্ͱJ04
    Ҏ্ʹରԠ • ར༻ऀͷϩάΠϯ৘ใ͸1BTTXPSE
    .BOBHFS͕ ҆શʹࣗಈೖྗ

22. ᠘αΠτΛߏங͠ɺύεϫʔυΛ౪Έग़͢ • 4FDVSF
    #PPLNBSLͷίʔυΛಡΜͰ1BTTXPSE
    .BOBHFSͷ੬ऑੑΛݟ͚ͭΔ IUUQTHJUIVCDPNOJTIJNVOFBTFDVSJUZDBNQ • ᠘αΠτ͔Β੬ऑੑΛ߈ܸɻޡͬͯࣗಈೖྗ͞ΕͨύεϫʔυΛ౪Έग़͢ ᠘αΠτΛϒοΫϚʔΫ ੬ऑੑΛ߈ܸͯ͠ ύεϫʔυΛऔಘ ͜ΕΛ౪Έग़͢

23. ໰୊ͷώϯτ 2VFTUJPO
     0SJHJO
    7BMJEBUJPO
    &SSPSͷ੬ऑੑ͕͋Δͧɻ 1BTTXPSE
    .BOBHFS͕8FC7JFXʹຒΊࠐΉ+4ͷίʔυʹண໨ͯ͠ΈΑ͏ 2VFTUJPO  0SJHJO
    7BMJEBUJPO
    &SSPSͷ੬ऑੑ͕͋Δͧɻ 1BTTXPSE
    .BOBHFS͕+4ͷίʔυΛຒΊࠐΉ৚݅ʹண໨ͯ͠ΈΑ͏ 2VFTUJPO
     0SJHJO
    7BMJEBUJPO
    &SSPSͷ੬ऑੑ͕͋Δͧɻ

    1BTTXPSE
    .BOBHFS͕ͲͷΑ͏ʹݺͼग़͞ΕΔ͔ௐ΂ͯΈΑ͏ 2VFTUJPO
     +BWB4DSJQU
    *OKFDUJPOͷ੬ऑੑ͕͋Δͧɻ 1BTTXPSE
    .BOBHFS͕ຒΊࠐΉ+4ͷίʔυʹண໨ͯ͠ΈΑ͏ 2VFTUJPO
     'SBNF
    $POGVTJPOͷ੬ऑੑ͕͋Δͧɻ 1BTTXPSE
    .BOBHFS͕+4ͷίʔυΛຒΊࠐΉ৚݅ʹண໨ͯ͠ΈΑ͏ɻ J04൛͸3BDF $POEJUJPOΛ࢖ͬͯղ͘ํ๏΋͋Δͧ

24. ͜ͷΑ͏ͳ੬ऑੑΛ๷͙ʹ͸

25. 0SJHJO
    7BMJEBUJPO
    &SSPS • Α͋͘Δ࣮૷ޡΓ • 63-ʹʮTFDVSJUZDBNQPSHʯͱ͍͏จࣈྻؚ͕·ΕΔ͜ͱΛݕূ - IUUQFWJMFYBNQMFDPNTFDVSJUZDBNQPSH ͳͲͰᷖճ͞ΕΔ • 63-͕ʮIUUQTFDVSJUZDBNQPSHʯͱ͍͏จࣈྻͰ։࢝͢Δ͜ͱΛݕূ

    - IUUQTFDVSJUZDBNQPSHFWJMFYBNQMFDPN ͳͲͰᷖճ͞ΕΔ • 04ͷ"1*Ͱ63-Λ֤ύʔτʹ෼ղ͠ɺ֤ʑΛ׬શҰகͰൺֱ https://www.ietf.org/rfc/rfc3986.txt IUUQT
    
    BENJO
    !
    FYBNQMFDPN 
    PWFSUIFSF
    OBNFGFSSFU
    OPTF
    TDIFNF VTFSJOGP IPTU QPSU QBUI RVFSZ GSBHNFOU

26. 'SBNF
    $POGVTJPO • 8FC7JFXΦϒδΣΫτͷ63-Ͱ͸ͳ͘ɺϦΫΤετݩͷ63-Λݕূ • ΢Οϯυ΢ʢXJOEPXUPQʣͰ͸ͳ͘ϦΫΤετݩͷϑϨʔϜΛݕূ • ࣮૷ʹ͸ϦΫΤετݩͷ63-ΛݕূՄೳͳ"1*Λ࢖͏ඞཁ͕͋Δ +4
    à /BUJWF BEE+BWBTDSJQU*OUFSGBDF

    • ϦΫΤετݩͷ63-औಘෆՄ 8,4DSJQU.FTTBHF)BOEMFS • VTFS$POUFOU$POUSPMMFSͷҾ਺NFTTBHFͷ GSBNF*OGPTFDVSJUZ0SJHJOΛݕূʢJ04Ҏ߱ʣ QSPNQU • PO+T1SPNQUͷҾ਺VSMΛݕূʢ"OESPJEʣ • SVO+BWB4DSJQU5FYU*OQVU1BOFM8JUI1SPNQUͷ Ҿ਺GSBNFTFDVSJUZ0SJHJOΛݕূʢJ04Ҏ߱ʣ

27. +BWB4DSJQU
    *OKFDUJPO • ྫ͑͹ɺFWBMVBUF+BWB4DSJQUΛආ͚Δ • จࣈྻ࿈݁Ͱ+4Λಈతੜ੒͢ΔՕॴ͸ͦ΋ͦ΋ޡΓΛ࡞ΓࠐΈ΍͍͢ • QSPNQUͷΑ͏ʹ+4ͱ/BUJWFؒͰσʔλΛ௚઀౉ͤΔํ๏ͷ࢖༻Λݕ౼͢Δ • Ͳ͏ͯ͠΋+4Λੜ੒͢ΔͳΒɺจࣈྻͷΤεέʔϓॲཧͰؤுΔ •

    +4ʹৄ͍͠ਓʹͪΌΜͱϨϏϡʔͯ͠΋Β͓͏ • WBS OBNF
    
    
    ͜͜ 
    Λಈతੜ੒͢ΔࡍʹΤεέʔϓ͕ඞཁͱͳΔจࣈ͸ʁ 6 "
    -' 6 $ 6 %
    $3 6 
    -4 6 
     6 
    14

28. ·ͱΊ

29. ·ͱΊ • 8FCͱ/BUJWFΛͭͳ͙ඞཁੑ͸͖ͬͱࠓޙ΋͋Δ • ͭͳ͗ํΛޡΔͱѱ͍αΠτʹ/BUJWFͷػೳΛѱ༻͞ΕΔ • ѱ༻͞Εͳ͍Α͏ʹ࣮૷͢Δͷ͸ΞϓϦ։ൃऀͷ੹຿ • ࣮૷ͷ࢓ํ͸04΍ϑϨʔϜϫʔΫͷఏڙ͢Δ࢓૊ΈʹΑͬͯҟͳΔ

30. ͓ΘΓ