2001 FREENIX Track Technical Program - Abstract
Building a Secure Web Browser
Sotiris Ioannidis, University of Pennsylvania, and Steven M. Bellovin, AT&T Labs-Research
Over the last several years, popular applications such as Microsoft Internet
Explorer and Netscape Navigator have become prime targets of attacks.
These applications are targeted because their function is to process
unauthenticated network data that often carry active content. The processing
is done either by helper applications, or by the web browser itself.
In both cases the software is often too complex to be bug free.
To make matters worse, the underlying operating system can do very little
to protect the users against such attacks since the software is running
with the user's privileges.
We present the architecture of a secure browser, designed to handle
attacks by incoming malicious objects. Our design is based on an operating
system that offers process-specific protection mechanisms.