Play it safe: Microsoft researchers have used Ripley to secure several Web applications, including games.
Microsoft software clones the environment running on a user's machine.
Nowadays, it's easy for developers to build fully fledged applications that run inside the browser. Keeping these applications safe from hackers is another matter.
With this in mind, scientists at Microsoft Research have unveiled a new way to secure complex Web applications by effectively cloning the user's browser and running it remotely.
Many of the latest Web applications split their executable code between the server and the client. The problem is detecting whether the code running on the user's home PC has been compromised in some way. The new Microsoft solution, known as Ripley, was announced on Tuesday at the Association for Computing Machinery's Computer and Communications Security Conference in Chicago.
Ripley goes further than previous efforts to secure the integrity of Web applications. "It takes integrity protection to its logical extreme," says Adam Barth, a researcher at the University of California, Berkeley who specializes in the security of Web applications. He was not involved with the project. "Instead of just verifying that a request came from the proper website, Ripley verifies that the user's actions are actually allowed by the application's user interface."
Ripley prevents a malicious user or remote hacker from altering the behavior of code running inside a Web browser by creating an exact copy of the computational environment and running that copy on the server. Ripley then sends all of the user's actions, including mouse clicks, keystrokes, and any other inputs, in a compressed "event stream" from the client to the server. This stream is run through the cloned client application on the server, and the behavior of that virtual doppelganger is compared to that of the application running on the user's browser at home. If there are any discrepancies, Ripley disconnects the client.
"You cannot trust anything that happens in the client," says Ben Livshits, the lead researcher at Microsoft Research on the Ripley project. "It's basically the devil in the browser from the developer's point of view."
Ripley is invisible to the end user and does not affect the normal function of a Web application. "It's only the malicious guys who have to worry about what happens once they submit a result," Livshits says.
One of the challenges that Livshits and his collaborator at Microsoft, Emre Kiciman, faced when building Ripley was how to create a copy of the entire client environment--the Web application and software engine that runs it--that was small enough to be practical for a high-volume Web server handling requests from hundreds or thousands of users at once.
New browser software can protect websites from software vulnerabilities.
Google is developing a new computing platform equal to the Internet era. Should Microsoft be worried?
One-time passwords are vulnerable to new hacking techniques.
Why not clone and run locally?
I really don't understand why browser developers don't setup the software to run cloned in a separate restricted process space. In Unix, for a long time sensitive applications like ftp, dns have been run under a separate userid with chroot to block access to all but a limited allowed portion of the disk. Even if browsers don't run this way, the plug-in's and extensions should.
Windows is a lost cause, but a separate virtual machine could be used to run a browser and/or plugin in a restricted virtual machine. Add-on software running on the real system could selectively enable blocked features like file save, upload, and print. I know friends who use vm software to clone a snapshot of a windows browser, freshly made for each browsing session.
Running remotely on some cloned system seems unnecessarily complex. The same concepts could be used locally to protect an insecure browser and apps from an insecure operating system.
Re: Why not clone and run locally?
I think you might be misunderstanding the idea here. The goal is to essentially protect the server. We are not trying to protect the browser from an insecure operating system, we are trying to ensure we can trust a distributed computation. Please see http://research.microsoft.com/en-us/projects/ripley/ for more info.
I fear I'm showing naivity here, but wouldn't 'Sys Restore' do the same thing? It could be set up to refresh the browser and vulnerable apps just before the anti virus runs.
Re: How About 'System Restore'?
The client in this model is not trusted. So, why would you trust them to run anything? Even if there such a thing as restoring the state, a malicious user can easily hack things as the application is running.
multi-tab browsing and privacy
How would work for multi-tab browsing? Would the server clone the entire browser or just the one tab running the application? If the entire browser is being cloned, how will the user protect the information in the other tabs? If I have more than one tab open will the web server be able to determine what other tabs/sites I have open?
Re: multi-tab browsing and privacy
This will just protect one tab, the one in which the Ripley-protected application is running. Ripley doesn't have the ability to access anything outside this tab.
By protecting the server side, in effect this protects the client side. With continuing computational power and memory advances, this type of heavy crunching on the server side seems only likely to grow as a security solution.
Of course, it would be nice to see non-proprietary approaches to securing the server from the client. In the real world though, we'll probably see several competing approaches on each platform.
Thanks for your feedback. We believe that this sort of approach that utilizes extra computing power to improve security has a bright future!
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
rocketscience
7 Comments
brilliant
Great Job!
Bravo!
Reply