Scientists from UCL, Stanford Engineering, Google, Chalmers and Mozilla Research have built a new system that protects Internet users’ privacy whilst increasing the flexibility for web developers to build web applications that combine data from different web sites, dramatically improving the safety of surfing the web.
The system, ‘Confinement with Origin Web Labels,’ or COWL, works with Mozilla’s Firefox and the open-source version of Google’s Chrome web browsers and prevents malicious code in a web site from leaking sensitive information to unauthorised parties, whilst allowing code in a web site to display content drawn from multiple web sites – an essential function for modern, feature-rich web applications.
Testing of COWL prototypes for the Chrome and Firefox web browsers shows the system provides strong security without perceptibly slowing the loading speed of web pages. Following its announcement today, COWL will be freely available for download and use on October 15 from http://cowl.ws. The team who developed it, including two PhD students from Stanford (working in collaboration with Mozilla Research) and a recently graduated PhD from UCL (now employed by Google), hope COWL will be widely adopted by web developers.
Currently, web users’ privacy can be compromised by malicious JavaScript code hidden in seemingly legitimate web sites. The web site’s operator may have incorporated code obtained elsewhere into his or her web site without realising that the code contains bugs or is malicious. Such code can access sensitive data within the same or other browser tabs, allowing unauthorised parties to obtain or modify data without the user’s knowledge.
The research team describe COWL in a paper published in the Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation.
Co-author Professor Brad Karp (UCL Computer Science) said: “COWL achieves both privacy for the user and flexibility for the web application developer. Achieving both these aims, which are often in opposition in many system designs, is one of the central challenges in computer systems security research.
“The new system provides a property known as ‘confinement’ which has been known since the 1970s, but proven difficult to achieve in practical systems like web browsers. COWL confines JavaScript programs that run within the browser, such as in separate tabs. If a JavaScript program embedded within one web site reads information provided by another web site – legitimately or otherwise – COWL permits the data to be shared, but thereafter restricts the application receiving the information from communicating it to unauthorised parties. As a result, the site that shares data maintains control over it, even after sharing the information within the browser.”
The Latest on: Web privacy system
via Google News
The Latest on: Web privacy system
- Zoho Continues To Unify Its Operating System With Zoho Marketing Pluson May 13, 2022 at 9:29 am
Zoho is a company that I follow closely as a leader in business SaaS, offering a suite of over fifty web-based business applications that ... Its enterprise-level operating system Zoho One does just ...
- Protected Computing, password-free future, virtual credit cards and other privacy announcements at Google I/Oon May 13, 2022 at 1:30 am
Protected Computing will allow users to remove personally identifiable information from Google Search results.
- Web 3.0 in financial services – a transient concept or here to stay?on May 13, 2022 at 1:25 am
As a result, As a result, privacy and trust typify Web 3.0 applications as the decentralised as the ... and services that mostly operate outside of the established financial system, controlled by the ...
- Planned EU rules to protect children online are attack on privacy, warn criticson May 12, 2022 at 9:02 am
Encrypted messaging apps could be threatened by requirement for platforms to search for and combat child sexual abuse ...
- Consumer Wants: Privacy Transparency, Online Security, Better Customer Experienceon May 12, 2022 at 7:28 am
Axway asked survey respondents about open banking and financial services, healthcare general technology, security and privacy and digital customer experiences. Survey partner Propeller Insights asked ...
- Web 3.0 Career Guideline: How to start working and make moneyon May 11, 2022 at 5:00 pm
The Internet of Things is going to be more humane, and the privacy of information ... users will interact with a system, and design layouts, pages, and interfaces that meet those needs. Apart from ...
- After DeFi, DeSoc: Finding Web 3’s Soulon May 11, 2022 at 2:12 pm
By using Web 3’s building blocks to represent social identity, the ecosystem can overcome its current limitations and bring about a decentralized society.
- ICE has created a surveillance system that can be used to spy on nearly any American: investigationon May 11, 2022 at 5:00 am
The study—entitled American Dragnet: Data-Driven Deportation in the 21st Century—found that Immigration and Customs Enforcement (ICE) "has built its dragnet surveillance system by crossing ...
- Protecting Consumer Health Data Privacy Beyond HIPAAon May 10, 2022 at 4:07 am
Existing health privacy law, such as the Health Insurance Portability and Accountability Act (HIPAA), is primarily focused on the way hospitals, doctors’ offices, clinics and insurance companies store ...
- Protect Your Data: 30-Second Privacy Fixeson May 6, 2022 at 8:32 am
Devices such as smartphones, smartwatches, fitness trackers and security systems suffer about 5,200 cyber-attacks a month.
via Bing News
