Web-based attacks have become very prevalent on the Internet. As conducted by Kaspersky lab, 34.7% of their users were targeted by a web-based attack at least once while browsing the Internet. In my thesis, I will discuss three fundamental tasks in building a principal-based browser architecture preventing various web attacks. In the first task, I will introduce how to prevent and detect attacks, such as drive-by download, which penetrate the boundary of a browser principal. In particular, I will present JShield, a vulnerability-based detection engine that is more robust to obfuscated drive-by download attacks, when compared to various anti-virus software and most recent research papers. Then, in the second task, I will introduce configurable origin policy (COP), the access control policy of next generation browsers, which gives web sites more freedom to render various contents inside one principal. In the end, I will also introduce the communication between different browser principals.
展开▼
