Towards secure web browsing
Tang, Shuo
Permalink
https://hdl.handle.net/2142/24307
Description
- Title
- Towards secure web browsing
- Author(s)
- Tang, Shuo
- Issue Date
- 2011-05-25T14:51:23Z
- Director of Research (if dissertation) or Advisor (if thesis)
- King, Samuel T.
- Doctoral Committee Chair(s)
- King, Samuel T.
- Committee Member(s)
- Gunter, Carl A.
- Meseguer, José
- Levy, Henry M.
- Montesinos Ortego, Pablo
- Department of Study
- Computer Science
- Discipline
- Computer Science
- Degree Granting Institution
- University of Illinois at Urbana-Champaign
- Degree Name
- Ph.D.
- Degree Level
- Dissertation
- Keyword(s)
- Operating System
- Web Security
- Web Browser
- Formal Method
- Security
- Abstract
- The Web is now the dominant platform for delivering interactive applications to hundreds of millions of users. Correspondingly, web browsers have become the de facto operating system for hosting these web-based applications (web apps). Unfortunately, web apps, browsers, and operating systems have all become popular targets for web-based attacks, intensifying the need for secure web browsing systems. Current research efforts to retrofit today's web browsers help to improve security, but fail to address the fundamental design flaws of current browsing systems. To overcome those issues, in this dissertation, we rethink the way we build secure browsing systems, hoping to define the principles that should be followed. To achieve this goal, we strive to learn through building experimental systems for secure web browsing. Specifically, we design and implement a new operating system and a new web browser. We also investigate other generic approaches to help secure these systems even further, including formal methods and heuristics. The first system we build is called the Illinois Browser Operating System (IBOS). IBOS is an operating system co-designed with a new browser that reduces the trusted computing base for web browsing. We demonstrate that by exposing browser-level abstractions directly at the lowest software layer -- the OS kernel -- we are able to remove almost all traditional OS components and services from our trusted computing base. We show that this architecture is flexible enough to enable new browser security policies, can still support traditional applications and adds little overhead to the overall browsing experience. We also propose the OP2 secure browser architecture that can be used on top of commodity operating systems. We combine operating system design principles with formal methods to design this secure web browser by drawing on the expertise of both communities. 
Our design philosophy is to partition the browser into smaller subsystems and make all communications between subsystems simple and explicit. At the core of our design is a small browser kernel that manages the browser subsystems and interposes on all communications between them to enforce our new browser security features. Through the experiences of building these systems, we are able to summarize the principles of building secure browsing systems: 1) make security decisions at the lowest layer of software and make it simple; 2) enforce strong isolation between distinct browser-level components; 3) employ simple and explicit communication between components; 4) provide the right set of operating system abstractions; 5) maintain compatibility with current browser standards; 6) expose enough browser states and events to enable new browser security policies. Overall, we demonstrate in this dissertation that, by following these principles, our new browsing systems are not vulnerable to many forms of web-based attacks. We believe that the work presented in the dissertation makes one step towards secure web browsing.
- Graduation Semester
- 2011-05
- Copyright and License Information
- Copyright 2011 Shuo Tang
Owning Collections
Graduate Dissertations and Theses at Illinois PRIMARY
Graduate Theses and Dissertations at Illinois
Dissertations and Theses - Computer Science
Dissertations and Theses from the Dept. of Computer Science