Web-based applications executed via web browsers are ubiquitous in everyday life. They underlie our banking, communications, shopping, social networking, tax payments, insurance transactions, and health care interactions. Unfortunately, malicious actors can take advantage of vulnerabilities in web browsers to exploit the user's computer. The consequences of a web browser attack can be severe: web content can execute arbitrary code on the victim's machine. This research project studies how web applications use the features provided by web browsers and how user systems can be protected by restricting unnecessary browser features.

This project addresses web browser security by reducing the browser feature footprint, thereby reducing the browser attack surface and mitigating many classes of attacks. The researchers are building a feature-instrumented browser that reports what functionality is used by a web application. Then, they leverage that information to automatically identify when web applications diverge from their expected behavior and attack the user's browser. To enable users to use the most up-to-date browsers, while protecting them from unnecessary and risky browser features, the research team is building a system to decouple features from the browser.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
1703454
Program Officer
Sol Greenspan
Project Start
Project End
Budget Start
2017-09-01
Budget End
2021-08-31
Support Year
Fiscal Year
2017
Total Cost
$387,098
Indirect Cost
Name
Northeastern University
Department
Type
DUNS #
City
Boston
State
MA
Country
United States
Zip Code
02115