ITI Researchers Create Secure Web Browser
When University of Illinois alumnus and Microsoft researcher Shuo Chen returned to campus to discuss his work to find web browser bugs that were very hard to research, CS professor and ITI researcher Sam King and his research team--PhD students Shuo Tang and Chris Grier--found inspiration.
"The question that stuck out was: why were these bugs there to begin with," said King. "When we started thinking, we realized that current web browsers are fundamentally flawed."
Web browsers, originally developed to present a static view of data, are now used as a platform to host web-based applications such as email. Because of their original design, current browsers place all web content into the same protection domain. With the shift towards use focused on web-based applications, new policies and mechanisms needed to be designed in from the beginning, said King.
"Current browsers don't have a mechanism for enforcing security policies, nor do they have knowledge of what appropriate policies might be," said King. "If you look at the state-of-the-art, the only thing that we were left to do was to build a new browser from the ground up."
In a recent interview with eWeek magazine , King explained that "the biggest problem with existing browsers, whether it's IE or Firefox, is that a browser exploit gives the attack access to everything on the system. It's even more troublesome on browsers where plug-ins are being used. A single exploit from a single Web page sacrifices the security of the entire system. That's unacceptable."
Enter OP, or Opus Palladianum, a web browser developed by King, Ph.D. student Shuo Tang, and Ph.D. student Chris Grier. The name is a tribute to the Mosaic browser, which was developed at the University of Illinois and later enhanced by alumnus Marc Andreessen to become the Netscape browser. The term "opus palladianum" refers to a specific technique for creating mosaics by breaking tiles into pieces and putting them back together.
"And that essentially what we are doing with our work--partitioning the browser into smaller subsystems," said King. "This allows us to provide security in a way that other browsers cannot."
OP aims to provide an unprecedented level of browser security by a focus on three goals: to prevent browser-based attacks, to contain browser attacks that may occur, and to provide robust audit logs to enable quick recovery from attacks.
The team developed a small browser kernel for OP that manages subsystems and mediates communication between them. The system implements mandatory access controls to enforce security policy.
OP was developed using formal methods to provide robust assurances that the browser cannot be hijacked by malware or other mechanisms. In addition, in the event that a successful attack takes place, the browser uses novel algorithms to enable efficient recovery and analysis.
The OP browser currently runs on Linux with KHTML as the layout engine. King's team plans to create a cross-platform Webkit version and release it to the open-source community.
To learn more about OP, visit: www.cs.uiuc.edu/homes/kingst/Research_files/grier08.pdf.
Writers: Jennifer LaMontagne with contributions from Jenny Applequist.
Contact: Jenny Applequist, Senior Program Manager, Information Trust Institute, applequi AT iti.uiuc.edu, 217-244-8920.
July 16, 2008