Logic can make our Browsers Safe

Matteo Maffei

The computer scientist Matteo Maffei (TU Wien) is awarded an ERC Consolidator Grant for the project "Browsec: Foundations and Tools for Client-Side Web Security". He is working on a plugin that will make browsers safe - and is logically impossible to fool.

We are hardly aware of the dangers we face when we are browsing the web. Attackers might steal our passwords, infiltrate our computers with malicious software or impersonate us and take over our identity. There have been many attempts to increase security in web applications, but no perfect solution has ever been found. Prof. Matteo Maffei is now proposing a new idea: he is building software which monitors the data exchange between the web browser and the internet, using formal logic to detect dangerous information flows. If such a tool is designed properly, it can be mathematically proven to provide rigorous safety guarantees - so our web browsers will be secured by the laws of logic themselves.
For this idea, Prof. Matteo Maffei has now been awarded the prestigious ERC Consolidator Grant. This grant will help him strengthen his research group and develop web security software in the next five years.
Rigorous Tools and Heuristics
"The way we use the Internet is changing rapidly, and it seems that web security tools cannot keep pace any more", says Matteo Maffei. "The number of attacks on web applications is constantly increasing, and this is an issue we should be concerned about."
However, it is very hard to create reliable web security tools. Our browsers have become extremely complicated, using different languages such as HTML, CSS or JavaScript, which interact in highly sophisticated ways.
"In principle, we could provide perfect security, if we built a machine that analyses all the code step by step, line by line, before executing it", says Matteo Maffei. "But in practice, this is impossible, because it would take tremendous amounts of time." On the other hand, there are heuristic tools, looking for signs of suspicious behaviour, but they are not perfectly rigorous and will be fooled in several cases.
Checking the Boundaries
Maffei’s new idea is not to analyse the whole code line by line, but instead to monitor the boundaries of the application. It does not matter what the program does internally; what is crucial is the communication among the browser components and between the browser and the rest of the world. "We monitor all sensitive commands. We check cookies stored on the computer, we monitor the interfaces between the local computer and the web", says Matteo Maffei.
By building a rigorous model of the browser, web servers and the communication in between, it is possible to apply formal analysis techniques, demonstrating with mathematical certainty that the security monitor cannot be fooled. "By applying logical rules, we can make sure that it is impossible for any attacker to do something bad", Matteo Maffei assures.
The goal is to do fundamental research on how such a semantic model of browsers, web applications and servers can be built, and then to take the next steps towards designing a plugin which can be added to standard browsers such as Firefox or Chrome. "It is important that tools will work just by acting on the client side, because we never know whether some server may be compromised", says Maffei.
Venice, Saarland, Vienna
Matteo Maffei earned his PhD at the University of Venice, Italy, in 2006. After that, he moved to Germany and worked as a postdoc at Saarland University. In 2008, he established his own research group there, and in 2009 he won an Emmy Noether Fellowship from the DFG. In 2013, Matteo Maffei became Associate Professor at Saarland University. In 2016, being able to choose between several attractive career opportunities, he decided to move to Vienna, taking a professorship for Security and Privacy at TU Wien. "It is a well-renowned university with many top-class colleagues to cooperate with", says Matteo Maffei. "My research interests go very well with the core areas of research in our faculty. Also, it is an advantage that Vienna is a capital city - after all, IT security and privacy are research topics which also have important political implications."