Web developers will “turn their backs on privacy in favor of flexibility” because the browser won’t let them “opt for both.” But computer scientists from University College London, Stanford Engineering, Google, Chalmers, and Mozilla Research took on this problem, described as “one of the central challenges in computer systems security research,” and came up with a system that changes that. Confinement with Origin Web Labels, dubbed COWL, “achieves both privacy for the user and flexibility for the web application developer.”
University College London Professor Brad Karp explained:
COWL allows untrusted code to compute over sensitive data and display results to the user, but prohibits the untrusted code from exfiltrating sensitive data (e.g., by sending it to an untrusted remote origin). It thus allows web developers to opt for both flexibility and privacy.
The password checker would still work, but be confined “without privileges or the ability to talk to the network.” That communication would happen in a separate Document Object Model (DOM) worker that “holds both privileges and can freely modify the DOM of the main context as well as communicate with the wider web. One may view this DOM worker as firewall between the page proper (with the untrusted library) and the rest of the world.”
A “COWL application consists of multiple labeled contexts” that “specify the security policy for all data within the context, which COWL enforces by restricting the flow of information to and from other contexts and servers.” The researchers then gave an example of how COWL could use labeled browsing contexts to correct the problems presented by a third-party mashup, such as mint.com asking for passwords to Amazon and Chase to check purchases against bank statements.
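To make the labeled-context idea concrete, here is an added example (not code from COWL or the research paper): a simplified JavaScript model in which a label is the set of origins whose data a context has read. The `Context` class, its method names, the origin strings and the sample values are all hypothetical, and COWL's real labels and API are richer than this.

```javascript
// Simplified model of label-based confinement; NOT the COWL browser API.
// A label is the set of origins whose sensitive data a context has read.
class Context {
  constructor(name, privileges = []) {
    this.name = name;
    this.label = new Set();                 // public until it reads labeled data
    this.privileges = new Set(privileges);  // origins this context may declassify
  }
  // Reading labeled data raises the reader's label (taint propagates).
  read(data) {
    for (const origin of data.label) this.label.add(origin);
    return data.value;
  }
  // Origins that still restrict this context once its privileges are applied.
  restrictions() {
    return [...this.label].filter((o) => !this.privileges.has(o));
  }
  // A network send is allowed only if the destination is the sole remaining origin.
  canSendTo(origin) {
    return this.restrictions().every((o) => o === origin);
  }
  // Messages to other contexts carry the sender's restrictions with them.
  message(value) {
    return { value, label: new Set(this.restrictions()) };
  }
}

function runScenario() {
  // Constructed sample data, labeled with the origin that owns it.
  const purchases = { value: [42.5, 19.99], label: new Set(["https://amazon.com"]) };
  const statement = { value: [42.5, 19.99, 7.0], label: new Set(["https://chase.com"]) };

  const mashup = new Context("untrusted-mashup");
  const beforeRead = mashup.canSendTo("https://mint.com");   // nothing sensitive read yet
  const bought = new Set(mashup.read(purchases));
  const unmatched = mashup.read(statement).filter((x) => !bought.has(x));

  const viewer = new Context("result-viewer");
  viewer.read(mashup.message(unmatched));                    // taint follows the result

  const broker = new Context("privileged-broker", ["https://amazon.com", "https://chase.com"]);
  broker.read(purchases); broker.read(statement);

  return {
    unmatched, beforeRead,
    mashupToMint: mashup.canSendTo("https://mint.com"),
    mashupToAmazon: mashup.canSendTo("https://amazon.com"),
    viewerToMint: viewer.canSendTo("https://mint.com"),
    brokerToMint: broker.canSendTo("https://mint.com"),
  };
}
console.log(runScenario());
```

The untrusted context still computes the unmatched charge, but once it has read both labeled inputs it can no longer send to any origin; only the context holding both privileges can.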
In order for a new browser feature to be widely accepted, there can’t be a big hit to performance. With COWL, there isn’t; the researchers implemented COWL in Firefox 31.0a1 and Chromium 31.0.1612.0 and reported a “virtually imperceptible increase in page-load latency.” In fact, “testing of COWL prototypes for the Chrome and Firefox web browsers shows the system provides strong security without perceptibly slowing the loading speed of web pages.” They “conducted all measurements on a 4-core i7-2620M machine with 16GB of RAM running GNU/Linux 3.13.”
There are some things COWL can’t fix, such as a user whitelisting a malicious site. COWL also does not protect against covert channel attacks, but it does not introduce new covert channels either.
You can download COWL starting on October 15. For now, you can find more information in the UCL press release and details in the research paper (pdf). The researchers hope COWL is widely accepted by developers for its flexibility so that users can have both security and privacy while surfing.