Researchers from UCL, Stanford Engineering, Google, Chalmers and Mozilla Research have built a new system that protects Internet users' privacy whilst increasing the flexibility for web developers to build web applications that combine data from different web sites, dramatically improving the safety of surfing the web.
The system, 'Confinement with Origin Web Labels,' or COWL, works with Mozilla's Firefox and the open-source version of Google's Chrome web browsers and prevents malicious code in a web site from leaking sensitive information to unauthorised parties, whilst allowing code in a web site to display content drawn from multiple web sites – an essential function for modern, feature-rich web applications.
Testing of COWL prototypes for the Chrome and Firefox web browsers shows the system provides strong security without perceptibly slowing the loading speed of web pages. Following its announcement today, COWL will be freely available for download and use on 15th October from http://cowl.ws.
The team who developed it, including two PhD students from Stanford (working in collaboration with Mozilla Research) and a recently graduated PhD from UCL (now employed by Google), hope COWL will be widely adopted by web developers.
The research team describe COWL in a paper that will appear in the Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation, a premier venue for operating systems research.
Co-author Professor Brad Karp (UCL Computer Science), said: "COWL achieves both privacy for the user and flexibility for the web application developer. Achieving both these aims, which are often in opposition in many system designs, is one of the central challenges in computer systems security research.
Professor Karp said: "By blocking the building of web applications that synthesize content from multiple web sites, the SOP actually forces web developers to make design choices that put users' privacy at risk. That's a problem we've solved with COWL.
"For example, one useful web application would let users check they're not being overcharged for items they've ordered from Amazon. The app would have to pull in information from the user's bank statement and Amazon, reconcile the two, and present the result in the browser. To do this, a web developer would need to write code that integrated data from the bank's web site with data from Amazon's web site but the SOP would block this, as the two data sources are hosted by different web domain names. Today's web developers get around this by writing an app that asks the user for their bank and Amazon login credentials, so it can log into both services and collect information as if it is the user. This clearly compromises the user's privacy as the provider of the app gains full access to the user's online banking system and Amazon account."
Deian Stefan, lead PhD student on the project at Stanford, said: "What we've achieved in COWL is a system that lets web developers build feature-rich applications that combine data from different web sites without requiring that users share their login details directly with third-party web applications, all while ensuring that the user's sensitive data seen by such an application doesn't leave the browser. Both web developers and users win."
The research team has shown how to use COWL to build four applications previously unachievable with strong privacy, including an encrypted document editor, a third-party mashup application, a password manager, and a web site that safely includes an untrusted third-party library.
Notes for Editors
For a copy of the paper or to speak to the researchers involved, please contact Dr Rebecca Caygill in the UCL press office, T: +44 (0)20 3108 3846, E: email@example.com
Rebecca Caygill | Eurek Alert!
Cloud technology: Dynamic certificates make cloud service providers more secure
15.01.2018 | Technische Universität München
New discovery could improve brain-like memory and computing
10.01.2018 | University of Minnesota
What enables electrons to be transferred swiftly, for example during photosynthesis? An interdisciplinary team of researchers has worked out the details of how...
For the first time, scientists have precisely measured the effective electrical charge of a single molecule in solution. This fundamental insight of an SNSF Professor could also pave the way for future medical diagnostics.
Electrical charge is one of the key properties that allows molecules to interact. Life itself depends on this phenomenon: many biological processes involve...
At the JEC World Composite Show in Paris in March 2018, the Fraunhofer Institute for Laser Technology ILT will be focusing on the latest trends and innovations in laser machining of composites. Among other things, researchers at the booth shared with the Aachen Center for Integrative Lightweight Production (AZL) will demonstrate how lasers can be used for joining, structuring, cutting and drilling composite materials.
No other industry has attracted as much public attention to composite materials as the automotive industry, which along with the aerospace industry is a driver...
Scientists at Tokyo Institute of Technology (Tokyo Tech) and Tohoku University have developed high-quality GFO epitaxial films and systematically investigated their ferroelectric and ferromagnetic properties. They also demonstrated the room-temperature magnetocapacitance effects of these GFO thin films.
Multiferroic materials show magnetically driven ferroelectricity. They are attracting increasing attention because of their fascinating properties such as...
The oceans are the largest global heat reservoir. As a result of man-made global warming, the temperature in the global climate system increases; around 90% of...
08.01.2018 | Event News
11.12.2017 | Event News
08.12.2017 | Event News
18.01.2018 | Life Sciences
18.01.2018 | Life Sciences
18.01.2018 | Earth Sciences