{"id":308297,"date":"2006-08-25T12:00:54","date_gmt":"2006-08-25T19:00:54","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?p=308297"},"modified":"2016-10-19T01:40:44","modified_gmt":"2016-10-19T08:40:44","slug":"browsershield-helping-make-web-safe-surfers","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/research\/blog\/browsershield-helping-make-web-safe-surfers\/","title":{"rendered":"BrowserShield: Helping Make the Web Safe for Surfers"},"content":{"rendered":"<p><em>By Rob Knies, Managing Editor, Microsoft Research<\/em><\/p>\n<p>It\u2019s a familiar clich\u00e9: The best offense is a good defense.<\/p>\n<p>You hear it all the time in a sporting context. But, as it turns out, that hoary truism applies to Web surfing, as well.<\/p>\n<p>Consider BrowserShield, a research project being conducted by <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/people\/helenw\/\" target=\"_blank\">Helen Wang<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> and John Dunagan of the Systems & Networking group at Microsoft Research\u2019s <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/group\/systems-research-group-redmond\/\" target=\"_blank\">Redmond lab<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>. The project, the product of a discussion on HTML-based vulnerabilities with Opher Dubrovsky of Microsoft\u2019s <a href=\"http:\/\/www.microsoft.com\/isaserver\/default.mspx\" target=\"_blank\">Internet Security and Acceleration Server<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> (ISA) team, is examining ways to inspect and cleanse dynamic HTML content on Web pages, denying bad code the opportunity to execute and thereby protecting Internet users.<\/p>\n<p>\u201cWe want to save people,\u201d Dunagan says, \u201cfrom the problem that they\u2019re worried about.\u201d<\/p>\n<p>BrowserShield\u2019s suggested solution to nefarious forces who try to hijack your computer for personal gain is to comb through a Web page for JavaScript or Visual Basic\u00ae script and encapsulate it with associated logic that is executed at run time on the user\u2019s computer. By this means, the page is transformed into a safe equivalent designed not to exploit browser vulnerabilities, turning the tide in the battle against malicious Netizens.<\/p>\n<p>\u201cToday, when you surf the Web,\u201d Wang says, \u201cat any point, you may wander to a bad neighborhood, and when you click on a link and navigate to a malicious Web site, your computer can be compromised, your private personal information can be stolen, and your machine can be used as a zombie for a larger botnet.\u201d<\/p>\n<p>\u201cWhat are the problems with those bad links, bad neighborhoods? Some links include a bad executable download. On other occasions, a Web page is crafted especially so a particular vulnerability in your browser is exploited, and your computer can be compromised.\u201d<\/p>\n<p>In fact, with the growing popularity of Web services, browsers have become a popular vector for attacks. BrowserShield is designed to thwart such threats.<\/p>\n<p>While it is easy to cleanse a static, unchanging Web page, the key challenge lies in cleansing the dynamic content of a Web page, such as embedded JavaScript code. Such embedded script code can cause the Web page to be modified at run time, enabling attacks to be generated when the browser renders the page. Determining whether a piece of script code will carry out malicious action is an instance of the halting problem, well-known in computer science.<\/p>\n<p>BrowserShield tackles this challenge through script rewriting and vulnerability-driven filtering. When a user visits a Web site, as the page flows from the Web server toward the user\u2019s PC, the BrowserShield system intercepts the page and transforms it into a safe equivalent for a browser to render. The transformation includes policies that serve as vulnerability filters performing run-time checks and denying any activity designed to attack browser vulnerabilities.<\/p>\n<p>As it turns out, the logic for transforming the Web page can be injected at various stages and has numerous application scenarios.<\/p>\n<p>\u201cThis transformation logic,\u201d Wang says, \u201ccan be injected at a firewall, as a browser extension, or by Web publishers.\u201d<\/p>\n<p>Dunagan provides an enthusiastic elaboration.<\/p>\n<p>\u201cThat\u2019s something that we both think is really, really nice about this,\u201d he says. \u201cIt\u2019s something where ISA can help protect all the people within a corporation, or it can be something where MSN Search\u00ae makes it so that any of the cached Web pages that you can see on their site cannot contain these exploits; they can help protect everybody who is going to MSN Search to look at these things. There are two different value propositions, and they appeal to many people.\u201d<\/p>\n<p>Some search engines have been trumpeting something called \u201csafe search,\u201d which amounts to a blacklist of known malicious sites.<\/p>\n<p>\u201cBrowserShield can enable a much more powerful way of doing this safe search,\u201d Wang states. \u201cBasically, even for a malicious site that is not already blacklisted, BrowserShield can help prevent it from doing known bad things, such as exploiting a vulnerability of a browser.\u201d<\/p>\n<p>The technology, similarly, can deliver security-enhanced browsing.<\/p>\n<p>\u201cSay there\u2019s a zero-day browser exploit,\u201d Wang says. \u201cAt a particular time, a patch might not be available. But in the meantime, we can allow users to browse through a BrowserShield-enabled toolbar. Users would then be able to type URLs into the toolbar rather than in the usual address bar. This allows all Web sites to be sanitized by the BrowserShield toolbar and enables a safe browsing experience.<\/p>\n<p>Such potential has gained the attention of a number of Microsoft product groups, including ISA, <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/internet-explorer.aspx\" target=\"_blank\">Internet Explorer<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>\u00ae, Windows Live\u2122 OneCare\u2122, the Security Technology Unit, and a number of <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/www.msn.com\/\" target=\"_blank\">MSN<span class=\"sr-only\"> (opens in new tab)<\/span><\/a> teams, including <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/login.live.com\/\">Live.com<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>, <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/www.bing.com\/\" target=\"_blank\">MSN Search<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>, and its anti-phishing group.<\/p>\n<p>And the policies BrowserShield applies to the Web pages it examines can be updated as new threats emerge.<\/p>\n<p>\u201cIf there\u2019s a new vulnerability that is discovered,\u201d Wang says, \u201cnew policies can be distributed to clients, if it\u2019s a client-based deployment model. If it\u2019s a firewall deployment model, it only needs to be distributed to the firewall. That is the flexibility aspect of our system.\u201d<\/p>\n<p>Work on BrowserShield began in the spring of 2005, by Wang, Dunagan, then-intern <a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" href=\"http:\/\/www.charlesreis.com\/\" target=\"_blank\">Charlie Reis<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>, Dubrovsky, and then-intern Saher Esmeir. It extends previous work called Shield, a predecessor that provided similar protection features to static content such as application-level protocol traffic. During that effort, Wang had a conversation with Dubrovsky, an ISA program manager who wanted to know if Shield could play a role in fixing HTML bugs.<\/p>\n<p>\u201cIn the middle of that discussion,\u201d Wang recalls, \u201cwe basically came to a realization that, if the attackers can dynamically generate attacks, why can\u2019t we dynamically generate defense? We started pursuing that very seriously.\u201d<\/p>\n<p>Dubrovsky and Esmeir contributed to the project, particularly on applying BrowserShield at an ISA firewall. The collaboration was an example of how Microsoft Research, working closely with product groups to address pressing real-world problems, can more easily channel research findings to product groups.<\/p>\n<p>The concept of rewriting code to help provide security is not new. What\u2019s new with BrowserShield is applying such techniques to dynamic Web content. But such an undertaking is not without its challenges.<\/p>\n<p>\u201cThe JavaScript rewriting was very fun,\u201d Dunagan says, \u201cbecause there\u2019s a lot of new territory where people had never solved this problem before, so they\u2019d find it very interesting the way we solved it. Then, in terms of \u2018OK, now let\u2019s build some kind of measurement infrastructure so we can figure out how well our technique works and measure it against a bunch of real Web sites,\u2019 that turns into a really big chunk of work where you are not solving new problems, you\u2019re just solving them in your context. We had a fair amount of both kinds of work.\u201d<\/p>\n<p>New challenges beckon.<\/p>\n<p>\u201cWe are still exploring the applications of BrowserShield,\u201d Wang says. \u201cUltimately, what BrowserShield brings to the table is, given a Web page, BrowserShield can change its behavior. What are the desirable behaviors people like their Web surfing experience to have? We\u2019ve explored a number of pretty interesting possible business applications, like secure search results, secure browsing, secure Web publishing, sanitized ads\u2014those sort of things.<\/p>\n<p>\u201cThere are also some new territories we would like to explore further. For example, how can we author certain policies to enhance the browsing experience, to make the browsing experience secure? Browsers are very complicated; Web services are very complicated. We\u2019re entering this new paradigm of Web 2.0, and we\u2019re exploring how BrowserShield can help here.\u201d<\/p>\n<p>Adds Dunagan: \u201cWe have a number of candidates for additional killer apps, but we felt like security was a good initial killer app.\u201d<\/p>\n<p>BrowserShield is now at the stage where Wang and Dunagan are out talking with product groups\u2014marketing their technology, you might say. Those efforts must be gratifying, because their pride in what they have accomplished is evident.<\/p>\n<p>\u201cShield covers the static content well,\u201d Wang says. \u201cNow we have a really good technology for protecting dynamic content. With Shield, Browser Shield, and advanced anti-virus software, we have good coverage of the most prevalent vulnerabilities out there today.<\/p>\n<p>\u201cAlso, reviving this idea of rewriting JavaScript for the Web is really significant. The community has shown enthusiasm in embracing this topic.\u201d<\/p>\n<p>Dunagan, too, relishes the potential that BrowserShield offers.<\/p>\n<p>\u201cIt\u2019s really exciting to extend the scope of rewriting to this additional domain,\u201d he says. \u201cI feel very optimistic that BrowserShield will find more applications as compelling as the first one.<\/p>\n<p>\u201cI feel like it has a great chance of really changing our customers\u2019 experience and making it much better.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Rob Knies, Managing Editor, Microsoft Research It\u2019s a familiar clich\u00e9: The best offense is a good defense. You hear it all the time in a sporting context. But, as it turns out, that hoary truism applies to Web surfing, as well. Consider BrowserShield, a research project being conducted by Helen Wang and John Dunagan [&hellip;]<\/p>\n","protected":false},"author":39507,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"categories":[194489],"tags":[215732,215723,215729,186529,215735,215726],"research-area":[13558],"msr-region":[],"msr-event-type":[],"msr-locale":[268875],"msr-post-option":[],"msr-impact-theme":[],"msr-promo-type":[],"msr-podcast-series":[],"class_list":["post-308297","post","type-post","status-publish","format-standard","hentry","category-security","tag-browser-vulnerabilities","tag-browsershield","tag-html-based-vulnerabilities","tag-javascript","tag-netizens","tag-web-surfing","msr-research-area-security-privacy-cryptography","msr-locale-en_us"],"msr_event_details":{"start":"","end":"","location":""},"podcast_url":"","podcast_episode":"","msr_research_lab":[199561,199565],"msr_impact_theme":[],"related-publications":[],"related-downloads":[],"related-videos":[],"related-academic-programs":[],"related-groups":[],"related-projects":[],"related-events":[],"related-researchers":[],"msr_type":"Post","byline":"","formattedDate":"August 25, 2006","formattedExcerpt":"By Rob Knies, Managing Editor, Microsoft Research It\u2019s a familiar clich\u00e9: The best offense is a good defense. You hear it all the time in a sporting context. But, as it turns out, that hoary truism applies to Web surfing, as well. Consider BrowserShield, a&hellip;","locale":{"slug":"en_us","name":"English","native":"","english":"English"},"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/posts\/308297"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/users\/39507"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/comments?post=308297"}],"version-history":[{"count":3,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/posts\/308297\/revisions"}],"predecessor-version":[{"id":308741,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/posts\/308297\/revisions\/308741"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=308297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/categories?post=308297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/tags?post=308297"},{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=308297"},{"taxonomy":"msr-region","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-region?post=308297"},{"taxonomy":"msr-event-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-event-type?post=308297"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=308297"},{"taxonomy":"msr-post-option","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-post-option?post=308297"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=308297"},{"taxonomy":"msr-promo-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-promo-type?post=308297"},{"taxonomy":"msr-podcast-series","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-podcast-series?post=308297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}