Scientists at Microsoft research have unveiled Ripley, a new way to secure complex Web applications by effectively cloning the user's browser and running it remotely. Ripley prevents a remote hacker or malicious user from changing the behavior of code running inside a Web browser by creating an exact copy of the computational environment and running that copy on the server.
Ripley also relays all of the user's actions, including mouse clicks, keystrokes, and other inputs, from the client to the server as a compressed event stream. The behavior of the clone code is compared to the behavior of the application running on the user's browser. If any discrepancies occur, Ripley disconnects the client.
"You cannot trust anything that happens in the client," says Ripley lead developer Ben Livshits. "It's basically the devil in the browser from the developer's point of view."
University of California, Berkeley researcher Adam Barth says Ripley is part of a larger trend to protect the integrity of client-side programs. "The work suggests that security would benefit if we validated more than we're validating today," Barth says.
Ripley was announced at ACM's Computer and Communications Security Conference, which takes place Nov. 9-13 in Chicago.
From Technology Review
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA
No entries found