Charlie Reis
web browser research

Modern web browsers have evolved from simple document renderers to complex runtime environments for many types of web content. This makes them analogous to operating systems in many ways. My current research takes advantage of this analogy, using ideas from operating systems to improve the security and robustness of web browsers.

I am studying how to address several current threats on the web, including browser vulnerabilities, cross-site scripting, cross-site request forgeries, and resource contention between web sites. I have proposed a set of architectural principles to better support running web programs within the browser:

  • Web programs and program instances must have clear boundaries on the network and within the web browser.
  • It must be easy to specify which code is authorized to run in a web program, and to impose limitations on this code.
  • Instances of programs must be isolated in the browser, to prevent interference between them.
  • The behavior of program instances must be governed by uniform browser-level policies, independent of content types and browser extensions.
web browser reports
  • [The Security Architecture of the Chromium Browser]
    September, 2008.
    This tech report describes how the Chromium web browser (from which Google Chrome is built) uses a sandbox to try to limit the damage that can be done if a vulnerability in Chromium's rendering engine is exploited. Joint work with Adam Barth and Collin Jackson.

  • [Using Processes to Improve the Reliability of Browser-based Applications]
    December, 2007.
    This tech report shows how an increase in the use of client-side JavaScript code is leading to reliability problems in web browsers, and it evaluates the use of OS processes to isolate web sites from each other within the browser.

  • [Improving the Security and Robustness of Modern Web Browsers]
    General Exam Report, 2007.
    This report is an informal thesis proposal. It describes how the current threats to web browser security can be addressed by improving the isolation between unrelated web pages and interposing on web page behavior.