Browsers are rapidly improving as a platform for compelling, interactive applications. Unfortunately, the Web security model is still not fully understood. Despite the impressive performance gains achieved by browser vendors, the Web cannot succeed without a secure foundation.
This talk will cover my recent efforts to observe, analyze, and improve browser security. Existing security policies were designed in an era where Web users only interacted with one principal at a time, but modern browsers often have many tabs open simultaneously, and these tabs often contain third-party content from multiple sources. By articulating threat models that capture these multi-principal interactions, my research has revealed attacks on a variety of browser features, such as frame navigation, cross-document communication, and HTTPS. I’ll discuss how I worked with browser and plug-in vendors to address these attacks and deploy industry-wide solutions.
Collin Jackson is a computer science Ph.D. candidate at Stanford University, specializing in browser and web application security. While at Stanford, Collin worked with Google on the security of the Chrome browser. He has also consulted for Yahoo!, Microsoft, the U.S. Department of Homeland Security, Silicon Valley start-up Cooliris, and the Center for Democracy and Technology. Collin holds a Bachelor of Science degree from Yale University.