London: Researchers have built a new system that protects Internet users' privacy and dramatically improves the safety of surfing the web.
Researchers from University College London, Stanford Engineering, Google, Chalmers University of Technology and Mozilla Research have built the system called 'Confinement with Origin Web Labels,' or COWL.
It works with Mozilla's Firefox and the open-source version of Google's Chrome web browsers and prevents malicious code in a web site from leaking sensitive information to unauthorised parties, while allowing code in a web site to display content drawn from multiple web sites - an essential function for modern, feature-rich web applications.
Testing of COWL prototypes for the Chrome and Firefox web browsers showed the system provides strong security without perceptibly slowing the loading speed of web pages.
Currently, web users' privacy can be compromised by malicious JavaScript code hidden in seemingly legitimate web sites.
The web site's operator may have incorporated code obtained elsewhere into his or her web site without realising that the code contains bugs or is malicious.
Such code can access sensitive data within the same or other browser tabs, allowing unauthorised parties to obtain or modify data without the user's knowledge.
"The new system provides a property known as 'confinement' which has been known since the 1970s, but proven difficult to achieve in practical systems like web browsers," co-author Professor Brad Karp from UCL said.
"COWL confines JavaScript programmes that run within the browser, such as in separate tabs.
"If a JavaScript programme embedded within one web site reads information provided by another web site - legitimately or otherwise - COWL permits the data to be shared, but thereafter restricts the application receiving the information from communicating it to unauthorised parties.
"As a result, the site that shares data maintains control over it, even after sharing the information within the browser," Karp said.
Comments
0 comment