USENIX Security '19 - Baby Steps towards the Precipice: How the Web Became a Scary

Published on Sep 26, 2019

Baby Steps towards the Precipice: How the Web Became a Scary Place and How We Can Fix It

Artur Janc, Staff Information Security Engineer, Google

The web has become the world's most successful application ecosystem: it powers millions of applications, many of which hold some of our most sensitive data, and is used daily by billions of users. At the same time, the evolution of the web from a collection of hyperlinked documents into what it is today has left it with fundamental, endemic security problems, which threaten to undermine its basic security and privacy guarantees.

In this talk, we'll start by walking through these problems: we'll show how the combination of insecure defaults and little-known platform quirks makes it all but impossible for non-experts to write secure applications; how long-standing web features have continued to allow attackers to leak sensitive application data with no recourse on the part of web authors; and how our cherished high-level abstractions such as the same-origin policy crumble in the face of microarchitectural side-channels and related information leaks enabled by the introduction of powerful new APIs into the web platform.

We'll then recognize that we can no longer turn a blind eye towards these transgressions and that we desperately need a concerted effort to save the web from crumbling under its own weight. We'll outline the work that needs to happen to address the most pressing problems of the ecosystem; this includes building powerful new opt-in features to protect against endemic web vulnerability classes, removing dangerous legacy behaviors to reduce the web's attack surface, and investing more time into proactive reviews and research of new platform features which alter the web's security model.

This work will require strong collaboration between application authors, browser vendors and the academic community; it will be hard and thankless. However, if we tackle these problems, we will allow the next generation of developers to finally build secure applications without requiring a myriad of costly application-specific workarounds, making the web platform and users' data safe for the coming decades.

View the full USENIX Security '19 program at https://www.usenix.org/conference/use...
