Secure Web Browsing
Participants: Sam King, Shuo Tang, Hui Xue, and Anh Nguyen
Goals - Extended Description
Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks. Browser security efforts that retrofit existing browsers have had limited success because the design of modern browsers is fundamentally flawed. To enable more secure web browsing, we designed and implemented a new browser, called the OP web browser, that attempts to improve the state-of-the-art in browser security. Our overall design approach is to combine operating system design principles with formal methods to design a more secure web browser by drawing on the expertise of both communities.
Using our current version of OP and the Capo replay system as a starting point, we would like to explore two new avenues for research. First, we plan to develop adaptive security policies in our browser to fend off server side bugs, such as cross-site scripting. The key insight is that we can use our browsing history to learn a structure for the pages we visit, and maintain this structure, thus thwarting a large percentage of attacks. To test policy compatibility, we plan to use a browser-level replay system to recreate past browser states and test new security policies to ensure compatibility.
In our second project, we plan to apply state replication principles to browser construction. Specifically, we plan to embed three different browser rendering engines into the same application. One will serve as the primary and using a form of browser-level replay will send state updates to the replicas. The idea is that if there is an exploit in one rendering engine, we will be able to develop a voting protocol to detect this.
Recently we began to use our basic architecture as a way to improve performance of web browsers. We found that our changes for security improve the overall performance of our browser by extracting parallelism out of the browser that did not exist previously.
|Graphics||Computational Imaging and Video||Natural Language Processing||Secure Web Browsing||Tele-Immersion||Video Vision Library|