Andrea Bittau : 2010 Security Workshop

Google's native client allows websites to run x86 code securely in web browsers. We enhanced native client to permit filesystem and network access in a controlled manner, and more generally, designed a security framework for it using information flow control. Our work consists of three parts: a framework for building sandboxed applications, a way of expressing policies for multiple applications such that they can compose without undermining security, and a user interface that derives policies implicitly based on user interactions that would happen anyway. We demonstrate two applications: a video player that uses bittorrent to stream and watch videos on demand, and an extension to Google's Quake demo to support networked games. Both applications meet strong security guarantees such as not being able to exfiltrate private user data, and not being able to use client devices for mounting DoS attacks or (e.g.,) sending spam. Both applications obtain their needed privileges implicitly based on user actions. These applications (and guarantees) could not have been accomplished using existing client-side web technologies.

Andrea Bittau is a postdoc in Stanford's computer science department. His current projects are building a security framework or Google's native client, and adding encryption support to TCP. Past projects included building a security toolkit for Linux ("Wedge") primarily geared to securing existing application code, and attacks on WEP (the fragmentation attack).