
SaTC: CORE: Medium: Towards a Usable, Practical, and Provably Secure Browser Infrastructure

$1,228,800 · FY2017 · CSE · NSF

Carnegie Mellon University, Pittsburgh PA


Abstract

Web browsers have become the predominant software platform for interacting with services such as shopping, banking, and health care. Many of the same technologies that enable these applications, such as third-party JavaScript and browser extensions, also have the unintended effect of making users' private information vulnerable to theft or misuse. Existing security policies and mechanisms, such as the same origin policy (SOP), the content security policy (CSP), and permission systems for extensions, are too coarse-grained and not sufficient to protect users' data. Prior work has proposed information flow control (IFC) as a solution. However, existing IFC solutions are not yet practical: they suffer from poor usability and struggle to interoperate with other enforcement mechanisms that protect parts of web applications or browser state. The goal of this project is to construct a practical, usable, and secure browser infrastructure. The project will develop a modular model for a provably secure browser infrastructure using compositional principles. This model will be instantiated with concrete enforcement mechanisms to develop a browser that meets the functionality standards of current browser platforms. An important part of the project is to understand users' perceptions and expectations with respect to security goals; to extract practical IFC policies based on user data; and to build mechanisms that help users safely navigate the web. Finally, the project will develop testing and validation benchmarks and use these benchmarks to compare the effectiveness and the cost of different enforcement mechanisms. The results of this project will lay the foundation for building practical web browsers that have information flow security built in. This project targets technology that people use every day and has the potential to help not only web application developers but all web users.
