LavaMoat
at Secure the Web Forward
@naugtur, 2023
## Problem statement ---  <br><sub><sup>In the beginning, there was software we typed into our computers</sup></sub> ---  <br><sub><sup>Oh no, There's someone in my network and I don't trust them!</sup></sub> --- #### We invented ## firewalls ---  <br><sub><sup>Oh no, There's someone in my browser and I don't trust them!</sup></sub> --- #### We invented ## Same Origin Policy ---  <br><sub><sup>Oh no, There's someone in my codebase and I don't trust them!</sup></sub> --- #### We invented ## hoping for the best --- #### What we need is # 📦🤝📦 ## Fearless Cooperation --- ## Progress - Subresource Integrity - Content Security Policy - Trusted Types - Hardened Javascript --- ## Hardened Javascript - Compartment proposal(s) in TC39 - SES Shim - LavaMoat ---  --- ### JS design is good for security? - Take ECMA + W3C - Add Conway's Law - Separation between language and APIs - Power only reachable through scope - Compartment controls scope ---  <br><sub><sup>You decide which powers to pass in</sup></sub> ---  <br><sub><sup>So are we done?</sup></sub> --- ### Problem statement ++ - Any access to DOM leaks globalThis - Compartment depends on evaluators or bundling - `strict-dynamic` but for `eval`? - same origin realms (tomorrow) --- ### Call to action How can we support the users of Hardened Javascript in the browser?