Research Statement and Overview
Users rely on web applications for banking, social networking, accessing sensitive information and a variety of day-to-day activities. The security of web applications and the underlying execution machinery is of critical importance. The WebBlaze project investigates security problems and countermeasures in a broad range of components: the web browser, browser extensions and plugins, web applications, web development frameworks and the design of web-based communication protocols.
Securing The Web Application Platform
Isolation Of Web Origins
Web browsers aim to isolate content from different web origins. How well do browser implementations achieve this? This project investigates one class of browser implementation flaws that results in improper isolation of scripts executing in different web origins. [Project Page]
Privilege Separation
How can we minimize the damage from web vulnerabilities? Privilege separation is a security measure to prevent attackers from performing powerful attacks. The WebBlaze project investigates various questions to enable effective privilege separation on the web.
- Do web browsers provide the right primitives for effective privilege separation in web applications? [Project Page]
- What damage can an unprivileged web application do with sensitive data, and how can we limit it? [Project Page]
- Browser extensions are remarkably popular. What kind of vulnerabilities do they have and how can we minimize damage from them using privilege separation? [Project Page]
- Many web attacks, such as SQL injection, aim to exfiltrate sensitive data stored in web application databases. Can we enable stronger privilege separation in database-backed web applications? [Project Page]
Secure Content Interpretation
Web sites include content of many different kinds and from sources of differing levels of trust. How does the interpretation of different kinds of web content differ? Is the interpretation consistent across web browsers and between the browser and server? Can it open holes in the enforcement of security policies?
- How does the browser determine the Content-Type of a piece of data? Does it vary, and how can this open security flaws? [Project Page]
- If the web application could customize how the web browser parses parts of its content, how would that benefit security? [Project Page]
- New proposals for enforcing browser-based security policies, such as the Content Security Policy, have been implemented in web browsers. How easy is it to retrofit existing applications with this mechanism, and to what extent does it improve security? [Project Page]
Web Application Vulnerabilities: Analysis and Defense
Identifying and Automatically Finding Web Vulnerabilities
Rich web applications are susceptible to several security vulnerabilities. We develop several techniques to automatically detect and prevent prominent classes of security flaws in emerging web applications.
- Taint-enhanced blackbox fuzzing is our new technique that combines blackbox fuzzing with taint analysis. It is lightweight and has no false positives. We developed Flax, a prototype tool that uses this technique to automatically find client-side validation vulnerabilities (CSV) in JavaScript applications. [Project Page]
- Kudzu is a system that automatically finds client-side script injection vulnerabilities in JavaScript applications using dynamic symbolic execution. To handle JavaScript code's complex use of string operations, it incorporates a new language of string constraints and implements a decision procedure for it. [Project Page]
- Several new browser primitives have been proposed to meet the demands of application interactivity while enabling security. Do applications consistently use these primitives safely in practice? [Project Page]
Building Defenses
Cross-site scripting attacks are a prominent category of web vulnerabilities. How can we prevent these vulnerabilities in practice?
- Web templating frameworks offer an ideal opportunity to ensure safety against scripting attacks by secure construction. Can we develop techniques, usable in today's web templating frameworks, that eliminate cross-site scripting flaws in web applications to begin with? [Project Page]
- Security-critical functions in web applications, such as those used to validate or sanitize untrusted inputs, are often buggy. Can we formally check the correctness of these functions before they are deployed in real applications? [Project Page]
- How do large-scale applications defend against cross-site scripting attacks? Why are the present practices challenging to get right? [Project Page]
- What support do existing web frameworks offer towards preventing cross-site scripting flaws? [Project Page]
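The "secure construction" idea behind these questions, shown as an added example rather than code from WebBlaze or any framework: a miniature template engine that tracks the HTML parsing context at each substitution point and applies the escaper that context requires, so the same untrusted value is rendered safely in text, in a quoted attribute, in an href and inside a script block. The `{{name}}` placeholder syntax, the `about:invalid#sanitized` marker and the sample template and values are constructed for this illustration.

```javascript
// Added example (not WebBlaze or Closure Templates code): a miniature template
// engine that picks the escaper from the HTML parsing context of each {{placeholder}}.
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) =>
  ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// URL attributes: only http(s), mailto and scheme-less URLs pass; other schemes
// (javascript:, data:, ...) are replaced by an inert marker (constructed value).
function sanitizeUrl(s) {
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(String(s));
  return !m || /^(https?|mailto)$/i.test(m[1]) ? String(s) : 'about:invalid#sanitized';
}
// Script body: emit a JS string literal with < > & \u-escaped so it can never close </script>.
const escapeJsString = (s) => JSON.stringify(String(s)).replace(/[<>&]/g,
  (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction']);

// Tracks parser state (text / tag / quoted attribute / script body) over the literal
// text and escapes each value for the state at its position; other positions are rejected.
function render(template, data) {
  let state = 'text', attr = '', scriptTag = false, out = '';
  const scan = (lit) => {
    for (let i = 0; i < lit.length; i++) {
      const c = lit[i], rest = lit.slice(i).toLowerCase();
      if (state === 'text' && c === '<') { state = 'tag'; scriptTag = rest.startsWith('<script'); }
      else if (state === 'script' && rest.startsWith('</script')) { state = 'tag'; scriptTag = false; }
      else if (state === 'tag' && c === '>') state = scriptTag ? 'script' : 'text';
      else if (state === 'tag' && c === '"') {            // entering a quoted attribute value
        const m = /([\w-]+)\s*=\s*$/.exec(lit.slice(0, i));
        attr = m ? m[1].toLowerCase() : ''; state = 'attr';
      } else if (state === 'attr' && c === '"') state = 'tag';
      out += c;
    }
  };
  const escapeFor = (v) => {
    if (state === 'text') return escapeHtml(v);
    if (state === 'script') return escapeJsString(v);
    if (state === 'attr') return escapeHtml(URL_ATTRS.has(attr) ? sanitizeUrl(v) : v);
    throw new Error('placeholder in unsupported context: ' + state);
  };
  const parts = template.split(/\{\{\s*(\w+)\s*\}\}/);   // literal, name, literal, ...
  parts.forEach((p, i) => { if (i % 2 === 0) scan(p); else out += escapeFor(data[p]); });
  return out;
}

// Constructed sample input: the same hostile strings land in four different contexts.
const TEMPLATE = '<a href="{{url}}" title="{{title}}">{{title}}</a>' +
  '<script>var user = {{name}};</script>';
const PAYLOAD = { url: 'javascript:alert(1)', title: '"><img src=x onerror=alert(1)>',
  name: '</script><script>alert(1)</script>' };
console.log(render(TEMPLATE, PAYLOAD));
```

A placeholder in a tag name or unquoted attribute position is refused outright, since no single escaper is safe there; a production engine would treat that as a template compile error.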
Malicious Advertisements
Publishers wish to sandbox third-party advertisements to protect themselves from malicious advertisements. Many solutions blacklist known-dangerous properties in JavaScript code that would let advertisements escape the sandbox. How secure are these, and can we build safer language-based sandboxes? [Project Page]
Formal Models of Web Protocols and Web Attackers
Do different web protocols interact securely? Why are web attackers different from network attackers and can we formally model the security of web protocols and attackers? [Project Page]
Impact
WebBlaze research proposals have influenced several real-world systems.
- Privilege-separated design deployed as the Google Chrome Extension Platform
- Techniques for privilege separation in HTML5 applications have influenced the design of Chrome Store Applications
- Proposed content sniffing algorithms for Internet Explorer 8, Google Chrome and the HTML 5 working group
- Context-sensitive auto-sanitization implemented in the Google Closure Framework to prevent cross-site scripting attacks
- Flaws found in AJAX applications, use of client-side primitives, ad sandboxing libraries, web templating frameworks, large-scale legacy web applications, and reported CVEs:
- CVE-2008-4818
- CVE-2009-1688
- CVE-2009-1689
- CVE-2009-1702
- CVE-2009-1715