Redesigning Web browser platform is the key to long-term cyber security
With an ever-increasing emphasis on utilizing the Web to seek and share information, the security of information is a high priority. Wenliang Du, professor of computer science in Syracuse University’s L.C Smith College of Engineering and Computer Science, has received a $471,970 grant from the National Science Foundation (NSF) to explore ways to make Web browsers a safer environment for information gathering and dissemination.
The grant, titled “To Configure or to Implement, That is the Access Control Question for Lab Applications,” aims to explore the flaws and weaknesses of Web browsers with respect to information security and to propose platform solutions. Du will be working for three years to both design and test his improved platform.
Many Web users assume that if information is on a trusted site, each page on the site is coming from the same source. This assumption of Same Origin Policy (SOP) is often flawed and can lead to misinformation or criminal activity. The protection needs of today’s Web far surpass that of the past as there are more efforts made to exploit its design weaknesses.
While many researchers are focusing on diagnosing symptoms of cyber security weakness and proposing patches to issues, Du’s research aims to look at the overall design of Web browsers and to propose an entirely new security model. Du uses bridge design as an analogy to the work he will conduct. “You may look at a bridge and see weak areas that need to be fortified,” Du says. “However, the design flaws may be more evident if you go back to the blueprint for the original structure. You may find that your best recommendation may be to rebuild.”
The award comes from NSF’s Division of Computing and Network Systems (CNS) that “supports research and education activities that invent new computing and networking technologies and that explore new ways to make use of existing technologies.” Du’s work will support this initiative by not only redesigning Web browser platforms but by working to gain its adoption by leading Web browser providers like Google and Mozilla. By adopting this improved platform, companies can reconfigure their system and let the new platform implement the added security benefits rather than continuing to add patches.
