Insecure context switching: inoculating regular expressions for survivability
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
Cybercrime 2.0: when the cloud turns dark
Communications of the ACM - A Direct Path to Dependable Software
Cybercrime 2.0: When the Cloud Turns Dark
Queue - Web Security
Isolating web programs in modern browser architectures
Proceedings of the 4th ACM European conference on Computer systems
Browser security: lessons from Google Chrome
Communications of the ACM - A Blind Person's Interaction with Technology
Browser Security: Lessons from Google Chrome
Queue - Distributed Computing
Communications of the ACM - Finding the Fun in Computer Science Education
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Hardware-enforced fine-grained isolation of untrusted code
Proceedings of the first ACM workshop on Secure execution of untrusted code
TruWallet: trustworthy and migratable wallet-based web authentication
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Preventing drive-by download via inter-module communication monitoring
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Residue objects: a challenge to web browser security
Proceedings of the 5th European conference on Computer systems
Object views: fine-grained sharing in browsers
Proceedings of the 19th international conference on World wide web
Alhambra: a system for creating, enforcing, and testing browser security policies
Proceedings of the 19th international conference on World wide web
An architecture for enforcing end-to-end access control over web applications
Proceedings of the 15th ACM symposium on Access control models and technologies
Automatic detection of unsafe component loadings
Proceedings of the 19th international symposium on Software testing and analysis
Convergence of desktop and web applications on a multi-service OS
HotSec'09 Proceedings of the 4th USENIX conference on Hot topics in security
Cross-origin javascript capability leaks: detection, exploitation, and defense
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
The multi-principal OS construction of the gazelle web browser
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Towards parallelizing the layout engine of firefox
HotPar'10 Proceedings of the 2nd USENIX conference on Hot topics in parallelism
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
Protecting browsers from cross-origin CSS attacks
Proceedings of the 17th ACM conference on Computer and communications security
FIRM: capability-based inline mediation of Flash behaviors
Proceedings of the 26th Annual Computer Security Applications Conference
Trust and protection in the Illinois browser operating system
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Making Linux protection mechanisms egalitarian with UserFS
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
VEX: vetting browser extensions for security vulnerabilities
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Towards revealing JavaScript program intents using abstract interpretation
Proceedings of the Sixth Asian Internet Engineering Conference
Designing and Implementing the OP and OP2 Web Browsers
ACM Transactions on the Web (TWEB)
What if you could actually trust your kernel?
HotOS'13 Proceedings of the 13th USENIX conference on Hot topics in operating systems
Compartmental memory management in a modern web browser
Proceedings of the international symposium on Memory management
Maverick: providing web applications with safe and flexible access to local devices
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Building secure robot applications
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Atlantis: robust, extensible execution environments for web applications
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
App isolation: get the security of multiple browsers with just one
Proceedings of the 18th ACM conference on Computer and communications security
Crouching tiger - hidden payload: security risks of scalable vectors graphics
Proceedings of the 18th ACM conference on Computer and communications security
Fortifying web-based applications automatically
Proceedings of the 18th ACM conference on Computer and communications security
The web interface should be radically refactored
Proceedings of the 10th ACM Workshop on Hot Topics in Networks
AdSentry: comprehensive and flexible confinement of JavaScript-based advertisements
Proceedings of the 27th Annual Computer Security Applications Conference
A survey of client-side Web threats and counter-threat measures
Security and Communication Networks
A case for parallelizing web pages
HotPar'12 Proceedings of the 4th USENIX conference on Hot Topics in Parallelism
TreeHouse: JavaScript sandboxes to helpWeb developers help themselves
USENIX ATC'12 Proceedings of the 2012 USENIX conference on Annual Technical Conference
Gibraltar: exposing hardware devices to web pages using AJAX
WebApps'12 Proceedings of the 3rd USENIX conference on Web Application Development
ARC: protecting against HTTP parameter pollution attacks using application request caches
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Establishing browser security guarantees through formal shim verification
Security'12 Proceedings of the 21st USENIX conference on Security symposium
AdSplit: separating smartphone advertising from applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Virtualization based password protection against malware in untrusted operating systems
TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
On the fragility and limitations of current browser-provided clickjacking protection schemes
WOOT'12 Proceedings of the 6th USENIX conference on Offensive Technologies
Detecting and analyzing insecure component usage
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
Embassies: radically refactoring the web
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Analyzing and defending against web-based malware
ACM Computing Surveys (CSUR)
Content-based isolation: rethinking isolation policy design on client systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Securing legacy firefox extensions with SENTINEL
DIMVA'13 Proceedings of the 10th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
How to run POSIX apps in a minimal picoprocess
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Information flow tracking meets just-in-time compilation
ACM Transactions on Architecture and Code Optimization (TACO)
Hi-index | 0.00 |
Current web browsers are plagued with vulnerabilities, providing hackers with easy access to computer systems via browser-based attacks. Browser security efforts that retrofit existing browsers have had limited success because the design of modern browsers is fundamentally flawed. To enable more secure web browsing, we design and implement a new browser, called the OP web browser, that attempts to improve the state-of-the-art in browser security. Our overall design approach is to combine operating system design principles with formal methods to design a more secure web browser by drawing on the expertise of both communities. Our overall design philosophy is to partition the browser into smaller subsystems and make all communication between subsystems simple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce our new browser security features. To show the utility of our browser architecture, we design and implement three novel security features. First, we develop novel and flexible security policies that allows us to include plugins within our security framework. Our policy removes the burden of security from plugin writers, and gives plugins the flexibility to use innovative network architectures to deliver content while still maintaining the confidentiality and integrity of our browser, even if attackers compromise the plugin. Second, we use formal methods to prove that the address bar displayed within our browser user interface always shows the correct address for the current web page. Third, we design and implement a browser-level information-flow tracking system to enable post-mortem analysis of browser-based attacks. If an attacker is able to compromise our browser, we highlight the subset of total activity that is causally related to the attack, thus allowing users and system administrator to determine easily which web site lead to the compromise and to assess the damage of a successful attack. To evaluate our design, we implemented OP and tested both performance and file system impact. To test performance, we measure latency to verify OP's performance penalty from security features will be minimal from a users perspective. Our experiments show that on average the speed of the OP browser is comparable to Firefox and the audit log footprint for the same pages average around 80KB.