CSC News

Kapravelos Aims to Improve Browser Security by Taming Browser Functionality

Alexandros Kapravelos, Assistant Professor of Computer Science at NC State, has been awarded $406,609 by the National Science Foundation (NSF) to support his research project entitled “SaTC: CORE: Medium: Collaborative: Taming Web Content Through Automated Reduction in Browser Functionality”. 

This is a collaborative award with Dr. Adam Doupé, assistant professor of computer science at Arizona State University, and Dr. Engin Kirda, professor of computer science at Northeastern University.  The award runs from September 1, 2017 through August 31, 2021, and the total funded amount is $1,199,787.

Abstract:  The browser is constantly evolving to meet the demands of Web applications. Although this evolution supports the innovation that we see on the internet, there are security implications that we need to consider, such as attacks against the browser that leverage bugs that occur from the rapid development.

In this project, we plan to examine how certain web applications work and associate their behavior directly with the corresponding browser functionality. Our goal is to be able to characterize what functionality is needed from the browser when rendering a page and certain components. By building a system like this we will be able to identify for example what is needed from the browser to render a web advertisement. To better protect the internet users, we are going to leverage that information so that we can identify when web applications diverge from their expected behavior and attack the users' browser. We will use this information to limit the exposed functionality to the web applications and eliminate this way multiple classes of attacks, such as browser fingerprinting and drive-by downloads.

~scanlon~