Skip to main content

Protecting Browsers from Mixed Content Injection Attacks

Researchers: Collin Jackson

Cross Cutting Thrusts: Software Security | Usable Privacy and Security

Abstract

Scope: This project will develop new tools to prevent web applications and browsers from executing code received over an insecure network. In addition to protecting web applications from active network attacks, the research will protect clients from being compromised remotely via browser extensions.

Outcomes: We plan to release a research paper that includes a measurement survey of vulnerabilities, the results of our collaboration with browser vendors to block particularly virulent forms of mixed content, and recommendations for mixed content prevention.