Main Profile

At A Glance

Building a Safer Web: Web Tripwires and a New Browser Architecture

Google Tech TalksMarch, 10 2008ABSTRACTWeb content has shifted from simple documents to active programs, butweb protocols and browsers have not evolved adequately to support them. As a result, safety problems in web sites and web browsers nowregularly make headlines, from browser exploits to ISPs that modify webpages. In this talk, I will discuss my research into improving thesecurity and reliability of web content and browsers.For most of this talk, I will focus on one particular problem: theability for intermediaries to modify web content in-flight. Our recentmeasurement study shows that many clients now receive web pages thathave been altered before reaching the browser. The changes range frominjected advertisements to popup blocking code to malware, oftenaffecting the user's privacy and security. Some of these changesintroduce bugs and even vulnerabilities into the pages they modify.Most sites are unwilling to switch to SSL for reasons of cost andperformance, so I will show how web servers can use "web tripwires" todetect in-flight page changes with inexpensive JavaScript code.After this, I will talk more broadly about my research on web browsersecurity, focusing on the deficiencies of today's web as an applicationplatform. Starting from my prior work on BrowserShield, I will show howwe need a safer architecture for running programs within the browser.Like an operating system, this new architecture will need effectivemechanisms to define, isolate, and enforce policies on these web programs.Speaker: Charles ReisCharles Reis is a PhD student in the Department of Computer Science &Engineering at the University of Washington, studying with Steve Gribbleand Hank Levy. His current research focuses on improving the securityand reliability of web content and web browsers. In the past, he hasalso worked on models of wireless interference with David Wetherall.Charles received a B.A. and an M.S. in Computer Science from RiceUniversity, where he worked with Corky Cartwright and Peter Druschel.At Rice, Charles was the second lead developer for DrJava, a widely usededucational programming environment.
Length: 54:26


Questions about Building a Safer Web: Web Tripwires and a New Browser Architecture

Want more info about Building a Safer Web: Web Tripwires and a New Browser Architecture? Get free advice from education experts and Noodle community members.

  • Answer