Researchers develop new web privacy system for Google Chrome and Firefox
Share on Twitter.
Get the most reliable SMTP service for your business. You wished you got it sooner!
October 7, 2014
cyber criminals, researchers have developed what they say is a new web privacy system for
the Google Chrome browser and Mozilla Firefox.
The new Confinement with Origin Web Labels (COWL) system tries to protect websites that
passwords and other sensitive information from webpages to hackers and potential criminals.
Those libraries could have been badly designed, poorly implemented, deliberately written to be
malicious, or simply compromised by hackers tampering with the source code.
In a brief published this week in Proceedings of the 11th USENIX Symposium on Operating Systems
Design and Implementation, the COWL team notes that about 59.4 percent of the top one million web
sites, and 77 percent of the top 10,000 web sites incorporate jQuery-– the official site for
which was infiltrated by miscreants, although the library code was not altered.
Perhaps developers simply shouldn't use unaudited or sketchy-sourced code in production systems,
but the team's point is that the utilization of third-party libraries is prevalent – and this is
a security risk.
COWL, which will be available as a free download beginning Wednesday next week, adds a DOM-
level API to Firefox and Chrome. This software interface is then used by web developers to ensure
that data is only shared with servers behind named domains, and thus not with any other machines.
via messages. If a context tries to access the contents of a block that are not approved by the
author, then that messaging is blocked.
The research team says that its API is easy to use, and claims it doesn't reduce the browser's
processing speed in a significant manner.
To test that assessment, the group built 4 web apps using the COWL API-- an encrypted document
editor, a third-party mashup application, a password manager and a website that includes jQuery code
Using COWL didn't slow the browser down beyond 16 milliseconds, we're told. "We don’t change the
and networks at University College in London (UCL).
"Our system does check while the system is executing, but more at the boundaries between browsing
contexts. COWL's checks only happen when there is communication between these contexts," he added.
COWL was developed by Karp and a PhD student at UCL who is now working at Google, along with Professor
David Mazieres from Stanford University's computer science department and two of his PhD students working in
collaboration with Mozilla Research.
Karp said that Mozilla and Chromium were targeted by COWL because they are both open source. Safari,
which uses Webkit in the same manner as Chrome, should also be usable with COWL, but couldn't speculate
on Internet Explorer's internals for COWL.
"What we've achieved in COWL is a simple system that lets web developers build feature-rich applications
that combine data from different web sites without requiring that users share their login details
directly with third-party web apps, all while ensuring that the user's sensitive data seen by such
an application doesn't leave the browser," said Deian Stefan, lead PhD student on the project at
"Both web developers and users win," he added. Only once the code is released, scrutinized, and
others cannot find ways of leaking data from COWL's contexts, can we be certain that all is well.
Source: University College in London (UCL).
Get the most dependable SMTP server for your company. You will congratulate yourself!
Share on Twitter.