Web Security Projects


We have built a principal-based browser architecture to detect, quarantine, and prevent various web-borne security threats, which happen within, across, and outside web principals. We define a web principal, as borrowed from operating systems, an isolated security container of resources inside the client browser.

To understand the aforementioned web-borne security threats, we have proposed using crowdsourcing techniques to detect patterns of intra-principal threats, i.e., add-on cross-site scripting (XSS), as well as vulnerability signatures to detect patterns of an outside-principal threat, i.e., drive-by download attacks.

We propose a two-step prevention mechanism, which first proactively quarantines those threats, and then, reactively modifies and protects existing infrastructures from those threats. My proactive approach quarantines XSS attacks inside iframes to cut off their further propagation path; my reactive approaches first redefines web browser principal boundaries by a new client-side access control policy, then make those client-side principals stronger by either virtualization or proxy, and at last connect those principals by a secure channel. The classification of the Web security is shown in the figure.