Teacher Insights: Access to SWAYAM and other digital initiatives goes up  |  Policy Indications: Major relief measures for power sector  |  Education Information: Kerala Government postpones KEAM Entrance Exam 2020  |  Policy Indications: COVID-19: UNICEF continues to ship vital supplies to affected countries   |  International Edu News: WHO Director-General calls on G20 to Fight, Unite, and Ignite against COVID-19  |  Education Information: WHO WhatsApp health alert launches in Arabic, French and Spanish  |  National Edu News: SJVN provides Rs 1 Cr for buying ventilators  |  Science Innovations: DST launches nationwide exercise to map & boost Covid19 solutions   |  National Edu News: Officers and staff of MNRE working from Home through e-office platform  |  National Edu News: Doordarshan to bring back famed Ramayan on Doordarshan National  |  Best Practices: Post Offices provide basic postal and financial services during COVID-19 lockdown  |  Leadership Instincts: Covid-19: Minister directs Kendriya Vidyalaya Sangathan to provide buildings   |  Education Information: National Testing Agency Postpones NEET UG May-2020  |  Leadership Instincts: Fight Corona IDEAthon   |  International Edu News: UK PM Boris Johnson tests positive for coronavirus  |  
February 26, 2020 Wednesday 03:28:07 PM IST

Researchers develop framework that improves Firefox security

Technology Inceptions

Researchers from the University of California San Diego, University of Texas at Austin, Stanford University and Mozilla have developed a new framework to improve web browser security. The framework, called RLBox, has been integrated into Firefox to complement Firefox's other security-hardening efforts.

RLBox increases browser security by separating third-party libraries that are vulnerable to attacks from the rest of the browser to contain potential damage--a practice called sandboxing. The study will be published in the proceedings of the USENIX Security Symposium.

Browsers, like Firefox, rely on third-party libraries to support media decoding (e.g., rendering images or playing audio files) among many other functionalities. These libraries are often written in low-level programming languages, like C, and highly optimized for performance.

RLBox allows browsers to continue to use off-the-shelf, highly tuned libraries without worrying about the security impact of these libraries. A key piece of RLBox is the underlying sandboxing mechanism, which keeps a buggy library from interfering with the rest of the browser. The study investigates various sandboxing techniques with different trade-offs. But the team ultimately partnered with the engineering team at San Francisco-based Fastly to adopt a sandboxing technique based on WebAssembly, a new intermediate language designed with sandboxing in mind. The team believes that WebAssembly will be a key part of future secure browsers and secure systems more broadly. The WebAssembly sandboxing effort is detailed in a recent Mozilla Hacks blog post. RLBox has been integrated into Mozilla's Firefox and will be shipping to Linux users in Firefox 74 and Mac users in Firefox 75, with plans to implement in other platforms.


In the study, the team isolated half a dozen libraries using RLBox. To start, Firefox will ship with their sandboxed Graphite font shaping library. Mozilla plans to apply the sandboxing more broadly in the future, ultimately making millions of users' browsers more secure.



(Content Courtesy: https://www.eurekalert.org/pub_releases/2020-02/uoc--rdf022420.php)


Comments