Browsec focuses on enforcing rigorous security guarantees based on semantic models that capture program and adversary behavior, enabling formal security proofs. This innovative approach contrasts with typical Web security research, which often relies solely on experimental evidence without formal assurances.
We demonstrated our approach with WPSE, a browser extension that secures protocol-based web interactions by enforcing security properties on the sequences of network requests, without requiring deep code analysis. This ensures efficiency while providing formal security guarantees. During development, we identified and responsibly disclosed vulnerabilities in protocols like SAML2 (used by Google Single Sign-On) and OAuth2 implementations, which were later fixed. This work led to a collaboration with SAP, integrating similar techniques into server-side code.
The increasing complexity of browsers due to new Web APIs and security mechanisms makes manual security reviews prone to errors. To address this, we developed WebSpec, the first formal security framework for analyzing browser security mechanisms. It uses a comprehensive semantic model in the Coq proof assistant, formalizes Web security invariants, and converts them into SMT-lib formulas for model checking with the Z3 theorem prover. When violations are found, WebSpec generates executable tests to validate the issues across major browsers. This framework successfully discovered new logical flaws and identified previously known issues in Web Security standards, highlighting the importance of automated monitoring to ensure browser security.
A key issue that was left open in the previous work is how to formalize browser models: this process is long and error-prone and hardly feasible in a manual way since browsers evolve at a rapid pace. For this reason, we introduced a complementary approach based on testing the browser code directly. In particular, we introduced a practical framework for formally and automatically detecting security flaws in browser-side security mechanisms using the Web Platform Tests developed by the browser vendors. By matching browser execution traces against security invariants, the study identified 104 violations across Firefox, Chromium, and Safari, resulting in multiple disclosures to browser vendors.
We explored this new methodological approach encompassing formal methods and large-scale measurements and experiments to analyze core Web components, such as cookies, same-site security boundaries, the content security policy (CSP), mixed-content policy, trusted types, and service workers, to name a few. These works resulted in the discovery of severe vulnerabilities in widely deployed Web protocols, services, and applications and led to changes in Web standards. Some of the most impactful highlights include:
· Automated discovery of subdomain takeover vulnerabilities in 887 prominent websites and complete assessment of the ramifications of same-site attacks.
· Identification of critical flaws in the cookie standard that led to violating integrity guarantees of cookie prefixes. This vulnerability is part of a larger class of serialization issues that we reported to the IETF Working Group responsible for the cookie standard and browser vendors.
· Detection of session integrity vulnerabilities in 9 major Web development frameworks (e.g. Express, Flask, CodeIgniter) used by hundreds of thousands of websites.
· Security evaluation of the Custom Tab component on Android. We exploited Custom Tabs for fine-grained information leakage, violation of session integrity, and phishing.
All the identified vulnerabilities have been responsibly disclosed, and we have collaborated with the affected parties to identify possible solutions.
Another fundamental contribution is the line of work on blockchain protocols and smart contracts, which we contributed to with novel formal analysis and design techniques. This line of work has been picked up by industry (e.g. some of our protocols have been integrated in Layer-2 protocols for Bitcoin) and will further contribute to bridging blockchains and web applications, the so-called Web3.