Web Browser Research
PhD Dissertation
Web Browsers as Operating Systems: Supporting Robust and Secure Web Programs
Modern web browsers have evolved from simple document renderers
to complex runtime environments for many types of web content.
This makes them analogous to operating systems in many ways.
My current research takes advantage
of this analogy, using ideas from operating systems to improve
the security and robustness of web browsers.
I am studying how to address several current threats on the web,
including browser vulnerabilities, cross-site scripting,
cross-site request forgeries, and resource contention between
web sites. I have proposed a set of architectural principles
to better support running web programs within the browser:
- Web programs and program instances must have
clear boundaries on the network and within the web browser.
- It must be easy to specify which code is
authorized to run in a web program, and to impose limitations
on this code.
- Instances of programs must be isolated in the
browser, to prevent interference between them.
- The behavior of program instances must be governed
by uniform browser-level policies, independent of content
types and browser extensions.
Publications Overview
- Site Isolation: Process Separation for Web Sites within the Browser
USENIX Security, 2019. This paper describes the challenges we overcame to launch Site Isolation in Chrome, to help defend web sites against Spectre attacks and compromised renderer processes. This work included performance and compatibility challenges to make it practical, as well as over 400,000 lines of code to update Chrome's architecture and feature set.
- App Isolation: Get the Security of Multiple Browsers with Just One
CCS, 2011. This paper crystallizes the security benefits of using separate browsers for different sites, and it shows how to achieve those benefits on an opt-in basis in a single web browser.
- Browser Security: Lessons from Google Chrome
ACM Queue, 2009.
This article describes how the Google Chrome team addressed security
for web browsers in several ways, including limiting the severity of
vulnerabilities, the window of vulnerability, and the frequency with
which users are exposed to dangerous content.
- Isolating Web Programs in Modern Browser Architectures
Eurosys, 2009.
This paper introduces abstractions that allow web browsers to
identify and isolate "web programs" from each other, without
breaking existing content. The browser can then put each web
program instance in its own OS process to prevent interference
between them. We have helped add support for our abstractions
to Google Chrome, and we evaluate how its multi-process
architecture improves robustness and performance.
- Detecting In-Flight Page Changes with Web Tripwires
NSDI, 2008.
This measurement study shows that many users receive web pages that
have been altered between the server and the browser, often with
unwanted or dangerous consequences. The paper also shows how these
changes can be detected with simple JavaScript code. We have a
summary report
available online, which also contains links to our web tripwire
toolkit and service. Our work is referenced on the recently announced
Measurement Lab.
- Architectural Principles for Safe Web Programs
HotNets, 2007.
This paper shows how current web security threats are symptoms of
four fundamental problems in the ways web programs are defined and
web browsers are built. It proposes architectural
principles for addressing these problems.
- BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML
ACM Transactions on the Web, 2007.
This journal paper extends our OSDI paper on BrowserShield,
providing more detail on the framework's policies and applications.
- BrowserShield: Vulnerability-Driven Filtering of Dynamic HTML
OSDI, 2006.
This paper describes how JavaScript rewriting can be used to
enforce policies on the behavior of web pages, such as preventing
exploits of known browser vulnerabilities. BrowserShield has since
influenced the development of Web Sandbox
at Microsoft Live Labs.
Reports Overview
- The Security Architecture of the Chromium Browser
September, 2008.
This tech report describes how the Chromium web browser (from
which Google Chrome is built) uses a sandbox to try to limit the
damage that can be done if a vulnerability in Chromium's rendering
engine is exploited. Joint work with Adam Barth and Collin Jackson.
- Using Processes to Improve the Reliability of Browser-based Applications
December, 2007.
This tech report shows how an increase in the use of client-side
JavaScript code is leading to reliability problems in web browsers,
and it evaluates the use of OS processes to isolate web sites
from each other within the browser.
- Improving the Security and Robustness of Modern Web Browsers
General Exam Report, 2007.
This report is an informal thesis proposal. It describes how
the current threats to web browser security can be addressed
by improving the isolation between unrelated web pages and
interposing on web page behavior.