Mohan Dhawan, Mohan Dhawan
2013 unpublished
The modern Web platform provides an extensible architecture that lets third party extensions, often untrusted, enhance and customize the Web browser and the Web applications. While the prevalence of extensions for both browsers and applications has been instrumental in making the Web browser hugely successful, there are two critical issues that the designers of the modern Web platform have not yet tackled in a principled manner. First, both the third party extensions and the extensible
more » ... extensible components of the Web platform include numerous vulnerabilities, which can compromise the security and privacy of end users. Second, the black-box and opaque nature of the Web platform limits the extent of extensibility achievable for Web developers, thereby hampering the development of novel browser-based user applications. This dissertation develops new tools and techniques to address the problem of insecure extensibility in the Web platform, proposes novel language and system level solutions to make extensibility a first class primitive for developing Web software, and demonstrates that these methods are applicable to real-world Web applications and Web browser extensions. Specifically, this dissertation makes the following three contributions. First, it studies and characterizes the problem of insecure JavaScript-based Web browser extensions using a specialized program analysis system, Sabre, which leverages JavaScript-level information flow mechanism to detect violations in client's confidentiality and integrity arising from execution of untrusted extensions. Second, it formalizes the concept of transactions for JavaScript and ii implements Transcript, a language runtime system that allows hosting principals, i.e., Web browser and Web applications, to isolate untrusted JavaScript-based extensions using speculative execution. Lastly, this dissertation presents the design and implementation of Atlantis, a novel, extensible browser architecture that allows Web applications to define their own runtime environment and become more secure and robust. Atlantis enables developers with primitives to manage the Web application's security and privacy, and removes their dependence on opaque, legacy Web interfaces. iii Acknowledgements This dissertation would not have been possible without the contribution, encouragement, and guidance of a number of individuals.