Foundations and Tools for Client-Side Web Security

Web applications play a fundamental role in our everyday life: think
of e-commerce, e-banking, social networks, and so on. As such, their
security is of paramount importance and the average user would expect
that modern web applications are bulletproof. Unfortunately, this is far from reality.

The reason is that the Web has been originally designed to share
documens within a restricted scientific community, where everyone
trust each other. Hence browsers and web protocols have been largely
developed without placing security at the core of their design. As a
result, they are extremely fragile and they offer users little
protection against common daily threats, such as the prying eyes of
trackers willing to collect any type of personal information in order
to serve better ads or more in general tailored content, or hackers
willing to steal credit card numbers, passwords, and other sensitive
data.

The goal of Browsec is to design security solutions that provide
rigorous security guarantees and can be smoothly deployed by users in
their daily life. Specifically, the overall objectives include the
design of formal methods to model and rigorously reason about the
security of web applications as well as the design of security
enforcement techniques that can be integrated in modern browsers. On
the technical level, this encompasses semantics models of the browser
and their security mechanisms, ideally formalized in proof assistants,
dynamic security enforcement techniques implemented as browser
extensions or server-side code as well as static analysis techniques
for low-level code and web protocols.

With a look at upcoming technologies, we will also explore security by
design principles for blockchain technologies, which promise to play a
significant role in the future of Web applications and protocols,
providing, e.g. the backbone for the decentralization of identifiers, data structures,
and transactions.

The focus of Browsec is the enforcement of rigorous security
guarantees, which are grounded in semantic models capturing the
behaviour of programs and adversary, and against which formal security proofs are
conducted. This is an innovative approach in Web security, in which
most works focus on experimental evidence, without providing formal
security guarantees.

We demonstrated the potential of our approach in WPSE, a browser
extension that can be installed by users on their browser to secure
the interaction with web protocols. WPSE secures web applications by
looking at their APIs -- which are intuitively the interfaces between
web applications, the browser, and the Internet -- without requiring
any in-depth code analysis. This makes WPSE efficient and, at the same
time, capable to enforce formal security guarantees. In the process of
designing WPSE, we identified several vulnerabilies in popular web
protocols, such as Facebook OAuth and Google Single Sign-On, which
have been responsibly disclosed and fixed. This work has been followed
by a collaboration with SAP, which had led to the integration of
similar enforcement techniques on server-side code.

Another major breakthrough is Horst, a new platform for the design of
static analysis techniques. The idea is to provide developers with a
user-friendly specification language based on Horn clauses which gets
automatically compiled into an optimized SMT-Lib specification, which
is then accessible to off-the-shelf SMT solvers. This takes away the
burden of engineering dedicated static analyzers, allowing developers
to focus on the conceptual parts. We deployed Horst to derive Ethor,
the first static analyzer for EVM bytecode -- the executable format of
Ethereum smart contracts -- that provides formal security guarantees
against a semantic model of Ethereum smart contracts. We intend to
leverage Horst as a verification backend of other low-level languages,
such as WebAssembly, as well as web protocols.

Another fundamental contribution is the line of work on blockchain
protocols. Here we designed a number of novel offchain protocols,
which constitute the most promising approach to tackle the inherent
scalability issues of blockchain technologies: the idea is to rely on
the blockchain only to resolve disputes, letting otherwise honest
users perform arbitrarily many transactions without need to store
anything on the blockchain. Our protocols are compatible with the most
popular blockchain technologies (e.g. cryptocurrencies like Bitcoin,
Ethereum, etc.) and offer interoperability, i.e. the possibility to
perform transactions across different blockchains. Several of our
protocols have already been integrated in industrial blockchain
services.

We will continue our line of work with fundamental contributions of
great theoretical and practical impact.

On the theory side, we will design an accurate model of the browser,
integrating in particular the number of recently emerged security
mechanisms and formalizing their semantic and security properties. We
intend to formalize our model in a proof assistant compiling the
resulting specification in SMT-Lib format, in order to support both
manual and automated security proofs. We will also provide formal
methods to rigorously reason about the security of JavaScript
applications, focusing in particular on fine-grained access control at
the web API level, and web protocols.

On the practical side, we will design isolation mechanisms for
JavaScript, static analyzers for Web Assembly and other low-level
languages, and dynamic security enforcement techniques for web applications,
covering readily deployable solutions like browser extensions as well
as alternative approaches, like code generated on the server-side as
well as plugins to be integrated in the browser architecture.

Finally, we will further explore how blockchain protocols can be
integrated into web protocols in order to provide stronger security
guarantees.