A three-year $472,000 grant from the National Science Foundation will fund Syracuse University research on ways to improve Web browser security.

Wenliang Du, associate professor at the L.C. Smith College of Engineering and Computer Science, will be working with a research team to reduce the number of security vulnerabilities Web browsers like Internet Explorer face.

Under the current design, 80 percent of all Web browsers are susceptible to some form of attack, Du said. But with such a high percentage, there must be more to the problem than poor development.

‘The problem is when 80 percent of developers are making these mistakes and leaving their sites vulnerable for attack, there has to be something else that contributed to the mistake,’ Du said.

Current troubleshooting for Web security usually happens in reaction to a security breach, Du said. If a website is attacked, the Web programmer who developed the code is the first person blamed.

Du and his research team found it is a problem that Web browsers determine who can access what content. The design was made 15 to 20 years ago and has not evolved with the Web, Du said.

‘The security model was good when websites only contained information from one destination,’ Du said. ‘Web 2.0 has content from different places and different Web servers.’

To solve this problem, Du and his team will be redesigning the security model to implement policies based on trust. This system would make it easier for Web developers to limit user access points through various levels of trustworthiness, Du said.

As part of his research, Du said he is making contacts with Web browser industries like Google and Mozilla Firefox in hopes that they will adopt his findings.

Carlos Caicedo, an associate professor at the School of Information Studies and director of the Center for Convergence and Emerging Technologies, said other approaches using a policy-based design have not yet succeeded.

‘It is a very interesting approach,’ Caicedo said. ‘But establishing policies based on trust is not an easy task.’

Caicedo said he thinks Du’s approach is worth pursuing.

‘If he succeeds in what he is trying to do,’ Caicedo said, ‘it could make the Web safer to use by correcting a lot of the vulnerabilities that exist in it today.’

hadrost@syr.edu

 

Published on October 5, 2010 at 12:00 pm