The field of Web security is in constant evolution, both in research and in practical deployment scenarios. At the end of this dissertation, we look into future research challenges within this field, as well as into currently observed trends in the state of practice.
THEORETICAL UNDERPINNINGS OF WEB SECURITY
Due to the complex nature and enormous size of the constantly evolving Web, security research is often of a very practical nature, for example, to understand the different ecosystems within the Web, or to develop and evaluate new mitigation techniques, as illustrated by the previous chapters of this dissertation. However, the prevalence of this practical line of research does not diminish the importance of more theoretical approaches to Web security, which employ formal modeling techniques or rigorous analysis methodologies to propose new, secure-by-design technologies or evaluate the security of currently proposed or deployed systems. Within this doctorate, we have gained experience with both approaches.
From the vast amount of specification text (more than 1,000 A4 pages), we distilled the functional capabilities offered by the specification, how the user is involved in the security model, and what implicit or explicit security and privacy assumptions are made by the specification. Based on this information, we have performed a rigorous threat assessment, focused on the threat models of a Web attacker and a gadget attacker. We have uncovered 51 security issues in total, 6 of which we categorized as severe, including, for example, the possibility of tampering with a form using an HTML injection attack, or a violation of the semantic model of the Web by the CORS specification. The others could mainly be attributed to inconsistencies between the specifications, as well as to a lack of precision when specifying security requirements or features. Additionally, the study showed an increasing reliance on origin-based permission models, which not only puts the security responsibility on the user but also clashes with the lack of isolation between integrated scripts inside a page. Based on our experience with both tracks within the theoretical approaches towards Web security, we can make two important observations.
In a second observation, we would like to stress the research value in performing security analysis on existing systems. The results of such a security analysis can be used to improve the security of these systems or to guide the development of alternative systems. One example is our security analysis of next-generation Web specifications, where amendments to the specifications have been made, based on the threats and issues that have been uncovered. Another example is Google Chrome’s add-on system, which was developed based on the results from an analysis of Mozilla Firefox’s add-on system. A second security analysis of the first add-on architecture of Google Chrome has led to additional security improvements, such as the mandatory enforcement of Content Security Policies on new add-ons.