Posted on 2018-07-27, 00:00, authored by Peter E Snyder
Over the last two decades, the web has grown from a system for delivering static documents, to the world’s most popular application platform. As the web has become more popular and successful, browser vendors have added increasingly more functionality into the web platform. While some of this functionality has proven very useful and allowed site authors to create applications that users enjoy, a large subset of functionality in the browser goes largely unused. Another sizable subset of functionality has been leveraged by malicious parties to harm browser users.
This dissertation presents an effort to improve web privacy and security by applying a cost-benefit analysis to the Web Application Programming Interface (API), as it is implemented in popular web browsers. The goal of the work is to apply the principle of “least privilege” to the web, and restrict websites to the functionality they need to carry out user-serving ends. The work pursues that end through a novel method of measuring the costs and benefits associated with each standard in the Web API, identifying different high-benefit and low-risk subsets of the Web API, and evaluating a variety of approaches for restricting websites to these safer subsets.
This dissertation covers four distinct research efforts, each of which contributes to the overall goal of improving privacy and security on the web. First, this dissertation describes an automated technique for measuring Web API use on the web by instrumenting the DOM in a commodity web browser, automating the browser to interact with websites in a manner that elicits most of the same feature use as human users encounter, and recording what functionality is triggered during this execution. This section also presents the results of applying this automated recording methodology to the entire Alexa 10k, both in default browser configurations and with popular blocking extensions installed.
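As an added example (not code from the dissertation), the instrumentation idea above in JavaScript: each Web API method on a prototype is wrapped so that calls are tallied under the standard the method belongs to, while the original behaviour is preserved for the page. The prototypes and the method-to-standard mapping are constructed stand-ins so the example runs outside a browser.

```javascript
// Added illustration (not the dissertation's code): wrap Web API methods on a prototype so
// each call is tallied under its standard, mirroring the idea of instrumenting the DOM to
// record which functionality a page triggers. The prototypes below are constructed stand-ins.
// Constructed subset of the method -> standard mapping the measurement would rely on.
const STANDARD_OF = {
  getBattery: "Battery Status API",
  vibrate: "Vibration API",
  querySelector: "DOM",
};

// Replace each named method on `proto` with a wrapper that records the call, then delegates.
function instrument(proto, methodNames, counts) {
  for (const name of methodNames) {
    const original = proto[name];
    if (typeof original !== "function") continue;
    proto[name] = function (...args) {
      const standard = STANDARD_OF[name] || "unknown";
      counts[standard] = (counts[standard] || 0) + 1;
      return original.apply(this, args); // preserve the original behaviour for the page
    };
  }
  return counts;
}

// Constructed stand-ins for Navigator.prototype and Element.prototype.
function makeFakeBrowser() {
  const navigatorProto = {
    getBattery() { return { level: 1 }; },
    vibrate(ms) { return typeof ms === "number"; },
  };
  const elementProto = {
    querySelector(selector) { return selector; },
  };
  return { navigatorProto, elementProto };
}

// Run a page script against instrumented objects and return the per-standard call tally.
function measurePageFeatureUse(pageScript) {
  const { navigatorProto, elementProto } = makeFakeBrowser();
  const counts = {};
  instrument(navigatorProto, ["getBattery", "vibrate"], counts);
  instrument(elementProto, ["querySelector"], counts);
  pageScript(Object.create(navigatorProto), Object.create(elementProto));
  return counts;
}

// Constructed sample page: two DOM queries and one Battery Status API call, no vibration.
function samplePage(nav, doc) {
  doc.querySelector("#header");
  doc.querySelector("#footer");
  nav.getBattery();
}
```

In a real browser the same `instrument` call would be applied to objects such as `Element.prototype` or `Navigator.prototype` before any page script runs.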
Finally, this work describes an alternate system for designing web applications that provides client-enforced privacy and security guarantees. The design of this system builds on the previously discussed per-standard cost-benefit methodology to determine which Web API features sites generally need.
Each of these works supports the overarching finding that privacy and security on the web can be improved with only a small cost to the user experience. In contrast to the current practice of giving every site access to every feature in the browser (with only minor exceptions), this work presents a data-driven approach to restricting websites to a subset of safer, user-serving functionality. This dissertation further shows that the privacy and security benefits of enforcing this “least privilege” approach to the Web API would be meaningful, and real-world deployment of these techniques shows that at least some web users find the approach useful in protecting their privacy and security.
Advisor: Kanich, Christopher
Chair: Kanich, Christopher
Department: Computer Science
Degree Grantor: University of Illinois at Chicago
Degree Level: Doctoral
Committee Members: Venkatakrishnan, Venkat; Eriksson, Jakob; Checkoway, Stephen; McCoy, Damon