Building a Safer Web

Web content has shifted from simple documents to active programs, but web browsers and protocols have not evolved adequately to support them. As a result, safety problems in web browsers and web sites now regularly make headlines, from browser exploits to ISPs that modify web pages. In this talk, I will discuss my research in improving the safety and reliability of web browsers and web content.

I will focus on two recent projects: multi-process browser architectures and web tripwires. First, I will show how current web browser architectures allow disruptive interference between web-based applications. I have identified backwards-compatible abstractions that can be used in the browser’s architecture to isolate such programs in a robust way, and I have helped incorporate these abstractions into the Google Chrome browser. I will present an evaluation of how this architecture improves the browser’s robustness against interference.

Second, I will present a web tripwire mechanism for detecting in-flight changes to web content. We have used web tripwires to show that many clients receive pages that have been altered before reaching the browser, with consequences ranging from injected advertisements to new security vulnerabilities. Many sites are unwilling to bear the costs of switching to SSL for integrity, so I will show how web publishers can use web tripwires to detect such changes to their own content.

I will conclude with an overview of my other research, including the BrowserShield interposition system, as well as future directions for improving the safety of programs on the web.

Speaker Details

Charles Reis is a PhD candidate in the Department of Computer Science & Engineering at the University of Washington, studying with Steve Gribble and Hank Levy. His current research focuses on improving the reliability and security of web browsers and web content, and some of his work has been deployed in the Google Chrome browser. In the past, he has also worked on models of wireless interference with David Wetherall. Charles received BA and MS degrees in Computer Science from Rice University, where he worked with Corky Cartwright and Peter Druschel. At Rice, Charles was the second lead developer for DrJava, a widely used educational programming environment.

Date:
Speakers: Charlie Reis
Affiliation: University of Washington