Protecting Users by Confining JavaScript with COWL
Paper in proceedings, 2014

Modern web applications are conglomerations of JavaScript written by multiple authors: application developers routinely incorporate code from third-party libraries, and mashup applications synthesize data and code hosted at different sites. In current browsers, a web application’s developer and user must trust third-party code in libraries not to leak the user’s sensitive information from within applications. Even worse, in the status quo, the only way to implement some mashups is for the user to give her login credentials for one site to the operator of another site. Fundamentally, today’s browser security model trades privacy for flexibility because it lacks a sufficient mechanism for confining untrusted code. We present COWL, a robust JavaScript confinement system for modern web browsers. COWL introduces label-based mandatory access control to browsing contexts in a way that is fully backward compatible with legacy web content. We use a series of case-study applications to motivate COWL’s design and demonstrate how COWL allows both the inclusion of untrusted scripts in applications and the building of mashups that combine sensitive information from multiple mutually distrusting origins, all while protecting users’ privacy. Measurements of two COWL implementations, one in Firefox and one in Chromium, demonstrate a virtually imperceptible increase in page-load latency.

mandatory access control

information-flow control

security

Google Chrome

Firefox

Web browsers

Author

Deian Stefan

Edward Z. Yang

Petr Marchenko

Alejandro Russo

Chalmers, Computer Science and Engineering (Chalmers), Software Technology (Chalmers)

Dave Herman

Brad Karp

David Mazières

Symposium on Operating Systems Design and Implementation (OSDI 2014)

Areas of Advance

Information and Communication Technology

Subject Categories

Computer and Information Science

Other Engineering and Technologies

Software Engineering

Computer Science