Nowadays, it’s easy for developers to build fully fledged applications that run inside the browser. Keeping these applications safe from hackers is another matter.
With this in mind, scientists at Microsoft Research have unveiled a new way to secure complex Web applications by effectively cloning the user’s browser and running it remotely.
Many of the latest Web applications split their executable code between the server and the client. The problem is detecting whether the code running on the user’s home PC has been compromised in some way. The new Microsoft solution, known as Ripley, was announced on Tuesday at the Association for Computing Machinery’s Computer and Communications Security Conference in Chicago.
Ripley goes further than previous efforts to secure the integrity of Web applications. “It takes integrity protection to its logical extreme,” says Adam Barth, a researcher at the University of California, Berkeley who specializes in the security of Web applications. He was not involved with the project. “Instead of just verifying that a request came from the proper website, Ripley verifies that the user’s actions are actually allowed by the application’s user interface.”
Ripley prevents a malicious user or remote hacker from altering the behavior of code running inside a Web browser by creating an exact copy of the computational environment and running that copy on the server. Ripley then sends all of the user’s actions, including mouse clicks, keystrokes, and any other inputs, in a compressed “event stream” from the client to the server. This stream is run through the cloned client application on the server, and the behavior of that virtual doppelganger is compared to that of the application running on the user’s browser at home. If there are any discrepancies, Ripley disconnects the client.
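A minimal sketch of the replay-and-compare check described above, added here as an illustration and not Ripley's own code. The cart application, `step`, `replay`, `verifyClient` and the sample events are hypothetical, and a single deterministic function stands in for the cloned client application.

```javascript
// Added illustration of replica execution; every name here is hypothetical.
const PRICES = new Map([["book", 20], ["pen", 3]]);

// Application logic, identical on the client and in the server-side replica:
// a deterministic step from (state, UI event) to the RPC the app would issue.
function step(state, event) {
  if (event.type === "add" && PRICES.has(event.item)) {
    state.cart.push(event.item);
    return null;
  }
  if (event.type === "checkout") {
    const total = state.cart.reduce((sum, item) => sum + PRICES.get(item), 0);
    return { rpc: "charge", items: [...state.cart], total };
  }
  return null; // events the user interface does not offer change nothing
}

// Run an event stream through a fresh copy of the app and collect its RPCs.
function replay(events) {
  const state = { cart: [] };
  const rpcs = [];
  for (const event of events) {
    const rpc = step(state, event);
    if (rpc) rpcs.push(rpc);
  }
  return rpcs;
}

// Server side: accept the client's RPCs only if the replica, fed the same
// event stream, produced exactly the same ones; otherwise drop the client.
function verifyClient(eventStream, clientRpcs) {
  const replicaRpcs = replay(eventStream);
  const same = JSON.stringify(replicaRpcs) === JSON.stringify(clientRpcs);
  return same
    ? { action: "accept", rpcs: replicaRpcs }
    : { action: "disconnect", expected: replicaRpcs };
}

// Constructed sample sessions: one unmodified client, one that rewrote the total.
const events = [
  { type: "add", item: "book" },
  { type: "add", item: "pen" },
  { type: "checkout" },
];
const honest = verifyClient(events, replay(events));
const tampered = verifyClient(events, [
  { rpc: "charge", items: ["book", "pen"], total: 1 },
]);
console.log(honest.action, tampered.action);
```

The server acts only on what its own replica computed, so a client that edits a request after the fact, or reports an action the interface never offered, produces a mismatch instead of a charge.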
“You cannot trust anything that happens in the client,” says Ben Livshits, the lead researcher at Microsoft Research on the Ripley project. “It’s basically the devil in the browser from the developer’s point of view.”
Ripley is invisible to the end user and does not affect the normal function of a Web application. “It’s only the malicious guys who have to worry about what happens once they submit a result,” Livshits says.
One of the challenges that Livshits and his collaborator at Microsoft, Emre Kiciman, faced when building Ripley was how to create a copy of the entire client environment (the Web application and software engine that runs it) that was small enough to be practical for a high-volume Web server handling requests from hundreds or thousands of users at once.