Users rely on web applications for banking, social networking,
accessing sensitive information and a variety of day-to-day
activities. The security of web applications and the underlying
execution machinery is of critical importantance. The WebBlaze project
investigates security problems and countermeasures in a broad range of
components: the web browser, browser extensions and plugins, web
applications, web development frameworks and design of web-based
Isolation Of Web OriginsWeb browsers aim to isolate content from different web origins. How well do browser implementations achieve this? This project investigates one class of browser implementation flaws which results in improper isolation of scripts executing in different web origins. [Project Page]
Privilege SeparationHow can we minimize the damage from web vulnerabilities? Privilege separation is a security measure to prevent attackers from performing powerful attacks. The WebBlaze project investigates various questions to enable effective privilege separation on the web.
- Do web browsers provide the right primitives for effective privilege separation in web applications? [Project Page]
- What damage can an unprivileged web application do with sensitive data, and how can we limit it? [Project Page]
- Browser extensions are remarkably popular. What kind of vulnerabilities do they have and how can we minimize damage from them using privilege separation? [Project Page]
- Many web attacks, such as SQL injection, aim to exfiltrate sensitive data stored in web application databases. Can we enable stronger privilege separation in database-backed web applications? [Project Page]
Secure Content InterpretationWeb sites include content of many different kinds and from sources of differing levels of trust. How does the interpretation of different kinds of web content differ? Is the interpretation consistent across web browsers and between the browser and server? Can it open holes in the enforcement of security policies?
- How does the browser determine the Content-Type of a peice of data? Does it vary and how can this open security flaws? [Project Page]
- If the web application could customize how the web browser parses parts of its content, how would that benefit security? [Project Page]
- New proposals for enforcing browser-based security policies, such as the Content Security Policy, have been implemented in web browsers. How easy is to retrofit existing applications with this mechanism and to what extent does it enable security? [Project Page]
Identifying and Automatically Finding Web Vulnerabilities
Rich web applications are susceptible to several security vulnerabilities. We develop several techniques to automatically detect and prevent prominent classes of security flaws in emerging web applications.
- Several new browser primitives have been proposed to meet the demands of application interactivity while enabling security. Do applications consistently use these primitives safely in practice? [Project Page]
Building DefensesCross-site scripting attacks is a prominent category of web vulnerabilities. How can we prevent these vulnerabilities in practice?
- Web templating frameworks offer an ideal opportunity to ensure safety against scripting attacks by secure construction. Can we develop techniques that can be used in today's web templating frameworks that can eliminate cross-site scripting flaws in web applications to begin with? [Project Page]
- Security-critical functions, such as those used to validate or sanitize untrusted inputs, in web applications are often buggy. Can we formally check the correctness of these functions before they are deployed in real applications? [Project Page]
- How do large-scale applications defend against cross-site scripting attacks? Why are the present practices challenging to get right? [Project Page]
- What support do existing web frameworks offer towards preventing cross-site scripting flaws? [Project Page]
Formal Models of Web Protocols and Web AttackersDo different web protocols interact securely? Why are web attackers different from network attackers and can we formally model the security of web protocols and attackers? [Project Page]
- Privilege Separated design deployed as the Google Chrome Extension Platform
- Techniques for privilege separation in HTML5 applications has influenced the design of Chrome Store Applications
- Proposed Content Sniffing Algorithms for Internet Explorer 8, Google Chrome and HTML 5 working group
- Context-Sensitive Auto-sanitization implementd in the Google Closure Framework to prevent cross-site scripting attacks
- Flaws found in AJAX Applications, usage of client-primitives, ad sandboxing libraries,
frameworks, large-scale legacy web
applications, and reported CVEs:
Dawn Song for job openings.