TWC: Medium: Towards a Formally Verified Web Browser

TWC：媒介：迈向正式验证的 Web 浏览器

• 批准号: 1228967
• 负责人: Sorin Lerner
• 金额: $ 111万
• 依托单位: University of California-San Diego
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-10-01 至 2017-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1228967&HistoricalAwards=false
• 关键词: TWC; Medium; Towards; Formally; Verified

The web browser is ubiquitous and indispensable. It runs applicationslike social networking, business productivity, and online banking, andpromises isolation policies that keep these applications secure whenrun side-by-side. Because of its crucial role, we would like thebrowser to be robust and secure against attack; but in fact browsersare fragile. They are complex pieces of software with rich featuresthat allow for flexibility and programmability, and even small bugscan make the browser vulnerable to attack. Indeed, browservulnerabilities have been used to infiltrate the internal networks ofAmerican defense contractors and leading tech firms. Attempts toimprove browser security are often ad-hoc engineering efforts; andeven when formal guarantees are provided, they come in the form ofproofs over a model or idealization of the browser, not the browseritself. A buggy implementation can invalidate intended guarantees andleave users open to attack.The goal of this project is to build a browser inside the Coq proofassistant, along with a proof of its correctness. Unlike previousresearch efforts, the proof covers the actual browser implementationrather than a model or abstraction. This provides extremely strong,precise guarantees about the security properties of the browser. Theproof is made tractable by focusing the verification effort to a smallbrowser kernel, and running legacy code in a sandbox to renderweb pages. In this way, the browser can provide meaningful isolationguarantees even when the legacy code that renders web pages isuntrusted and potentially buggy. This project will provide:* For users of the web, browsers that are more reliable and secure;* For software developers, a new approach for developing high-assurance systems;* For researchers, a framework for formally reasoning about security policies;* For students, security and formal methods education.

Web浏览器无处不在且必不可少。它运行了类似应用程序的社交网络，业务生产力和在线银行业务，并提出了隔离政策，这些政策在并排运行时确保这些应用程序安全。由于其至关重要的角色，我们希望The Browser能够坚固并确保攻击；但实际上，浏览器脆弱。它们是具有丰富功能的复杂软件，可以灵活性和可编程性，即使是小的BugScan也使浏览器容易受到攻击。确实，浏览性已被用来渗透到美国国防承包商和领先的科技公司的内部网络。尝试解脱浏览器安全的尝试通常是临时工程工作；在提供正式保证的情况下，它们以模型或浏览器的理想化而不是浏览器本身的形式出现。 越野车实施可以使预期的保证无效，并启动攻击用户。该项目的目的是在Coq PoolaSsistant内建立浏览器，并证明其正确性。与以前的研究工作不同，该证明涵盖了实际的浏览器实现者，而不是模型或抽象。 这为浏览器的安全性提供了极强，精确的保证。可以通过将验证工作集中到小眉内的内核，并在沙箱中运行旧版代码来使其置于防御能力。通过这种方式，即使在构成网页的旧版代码质量且有可能发生故障的情况下，浏览器也可以提供有意义的隔离保证。该项目将提供：*对于网络的用户，更可靠和安全的浏览器；*对于软件开发人员，一种用于开发高保险系统的新方法；*对于研究人员，一种用于正式推理安全策略的框架；*对于学生，安全和正式方法教育。