Alert icon
We're changing our privacy policy. This stuff matters.  Learn more  Dismiss

Building a Safer Web: Web Tripwires and a New Browser Architecture

Sign in or sign up now!
4,672
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on Mar 12, 2008

Google Tech Talks
March, 10 2008

ABSTRACT

Web content has shifted from simple documents to active programs, but
web protocols and browsers have not evolved adequately to support them.
As a result, safety problems in web sites and web browsers now
regularly make headlines, from browser exploits to ISPs that modify web
pages. In this talk, I will discuss my research into improving the
security and reliability of web content and browsers.

For most of this talk, I will focus on one particular problem: the
ability for intermediaries to modify web content in-flight. Our recent
measurement study shows that many clients now receive web pages that
have been altered before reaching the browser. The changes range from
injected advertisements to popup blocking code to malware, often
affecting the user's privacy and security. Some of these changes
introduce bugs and even vulnerabilities into the pages they modify.
Most sites are unwilling to switch to SSL for reasons of cost and
performance, so I will show how web servers can use "web tripwires" to
detect in-flight page changes with inexpensive JavaScript code.

After this, I will talk more broadly about my research on web browser
security, focusing on the deficiencies of today's web as an application
platform. Starting from my prior work on BrowserShield, I will show how
we need a safer architecture for running programs within the browser.
Like an operating system, this new architecture will need effective
mechanisms to define, isolate, and enforce policies on these web programs.

Speaker: Charles Reis
Charles Reis is a PhD student in the Department of Computer Science &
Engineering at the University of Washington, studying with Steve Gribble
and Hank Levy. His current research focuses on improving the security
and reliability of web content and web browsers. In the past, he has
also worked on models of wireless interference with David Wetherall.
Charles received a B.A. and an M.S. in Computer Science from Rice
University, where he worked with Corky Cartwright and Peter Druschel.
At Rice, Charles was the second lead developer for DrJava, a widely used
educational programming environment.

Category:

People & Blogs

Tags:

License:

Standard YouTube License

  • likes, 2 dislikes

Link to this comment:

Share to:

Top Comments

  • It's the maximum interval for caffeine-based injections in academia

    bokkepoot69 3 years ago 3

  • Why is it always 60 minutes? :-/

    Great video anyway.

    useforum 3 years ago

see all

All Comments (6)

Sign In or Sign Up now to post a comment!

  • I had been running the Google tripwire service for my static website for 2 years or so, but now it seems the service is unavailable. Even the domain under which it operates from fails to load. Is this truly the case, or has it been moved to a different domain? How can I get it running again?

    KnightSquared 4 months ago

  • I'd love to try this out on the website i am building hmm... no links :(

    ZerqTM 2 years ago

  • Hey great video, very much appreciate your work in this field.

    MrJeppsSe 3 years ago

  • GOOGLE HAVE MY BABIES

    CuteBoyPip 3 years ago

View all Comments »
Loading...

0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more