Improvements of User's Security and Privacy in a Web Browser

Date of Award

2021

Degree Name

M.C.S. (Master of Computer Science)

Department

Department of Computer Science

Advisor/Chair

Phu H. Phung

Abstract

The Internet and the web are ingrained in our society, and billions of people use them daily. The number of websites and the amount of data generated are staggering. The current business model for technology companies relies on ad sales and on selling marketing data to other companies. The flaw with this model is that it encourages the industry to collect users' data in order to better target users on the Internet and increase revenue. The end-user has little control over what data is collected while using the Internet. As more pressure comes from the public because of recent data leaks and vulnerability discoveries, browser vendors are focusing more attention on privacy and security. This thesis proposes an in-browser policy enforcement mechanism to protect users' privacy. Based on several privacy laws, covering areas such as the limitation of third-party cookies and data leakage, we define formal policies to be enforced in the browser via a reference monitor. We first developed a proof-of-concept prototype as a browser extension to implement the policy enforcement mechanism. Our prototype, built on an existing browser extension codebase, can block 95% of third-party cookies and enforce the cross-origin isolation policy during a browser session, as demonstrated by experiments on ten popular websites. In addition, our enforcement tool allows users to customize the policies at runtime. Lastly, we propose a path for moving the enforcement mechanism into the Chromium browser so that privacy protection can be enabled by default.

Keywords

Computer Science, MyWebGuard, Cross-Origin Isolation, Blocking Third-Party Cookies, Blink Runtime Enabled Features, Browser Extension Integration into Chromium

Rights Statement

Copyright © 2021, author.
