Implementing and enhancing the COWL W3C Standard

dc.contributor.author: Andréasson, Niklas
dc.contributor.department: Chalmers tekniska högskola / Institutionen för data- och informationsteknik (Chalmers) [sv]
dc.contributor.department: Chalmers University of Technology / Department of Computer Science and Engineering (Chalmers) [en]
dc.date.accessioned: 2019-07-03T14:23:30Z
dc.date.available: 2019-07-03T14:23:30Z
dc.date.issued: 2016
dc.description.abstract: Web applications are often composed of resources, such as JavaScript, written and provided by different parties. This reuse raises questions about security, and whether one can trust that third-party code will not leak users’ sensitive information. As it stands today, these concerns are well-founded. With the web’s current security primitives there is a trade-off between developer flexibility and user privacy. If developers choose to include untrusted code, then users’ privacy suffers. On the other hand, if developers abstain from reusing third-party code, user privacy is favored at the cost of developer flexibility. This trade-off can partly be attributed to the fact that the security primitives are discretionary: untrusted code is either granted or denied access to data. After code has been granted access to data, there is no further attempt to verify that the data is used properly. In 2014, D. Stefan et al. proposed a new security mechanism which they called COWL (Confinement of Origin Web Labels). COWL is a mandatory access control mechanism that lets untrusted code compute on sensitive information while confining it. Through this, COWL is able to address some of the shortcomings of the web’s current security mechanisms, and in the end effectively eliminate the existing trade-off. Since its introduction, COWL has gone on to become a W3C standard. This thesis evaluates the COWL W3C specification by deploying it in Mozilla Firefox. While COWL mainly aims to address information leaks caused by bugs, we bring the specification towards addressing malicious code by highlighting two covert channels: one due to the browser layout engine, and another due to browser optimizations. Furthermore, we implement two case studies that show how COWL can be used, and as part of this, note some practical problems. Through the thesis we managed to make contributions to the COWL W3C specification.
dc.identifier.uri: https://hdl.handle.net/20.500.12380/245106
dc.language.iso: eng
dc.setspec.uppsok: Technology
dc.subject: Information & Communication Technology
dc.subject: Computer and Information Science
dc.title: Implementing and enhancing the COWL W3C Standard
dc.type.degree: Master Thesis
dc.type.uppsok: H
local.programme: Computer science – algorithms, languages and logic (MPALG), MSc

Original bundle

Name: 245106.pdf
Size: 900.42 KB
Format: Adobe Portable Document Format
Description: Fulltext