1. Browser Isolation Lab
Ted Reed, 9312; Paul Sery, 9312; Nick Peterson, 9317
Mark Woodard, Missouri S&T; Gregory Anders, Texas A&M University; Vivek Ramadoss,
University of New Mexico
Problem Statement:
Malware can easily gain access to a user’s computer
when that user simply visits a website or downloads
a file in his or her browser. Web browsers expose
the user’s computer to the Internet and can
potentially be a gateway for harmful programs.
Approach:
Our solution is an approach similar to the Chrome
browser architecture, where each browser tab is
rendered in a separate least-privileged environment.
We expand this approach to rendering each tab with
varying degrees of isolation in virtual machines on a
remote server. Any harmful software that gains
access to the browser from the Internet will be
isolated within the virtual machine where it is
unable to cause further harm.
Design:
Web pages are organized into three user-specified
categories: a white list, containing trusted pages
that will be rendered locally for privacy and security;
a black list, containing suspected malicious sites or
sites that the user wants to test with introspection
using Cuckoo; and a grey list, containing sites that
are not trusted, but suspected to be malicious, and
will be rendered together in a single virtual machine
(VM). Remote Desktop Protocol (RDP) will be used
to communicate with the VMs on the server where
the rendering occurs and Secure Shell (SSH) will be
used to communicate with the server to control the
Cuckoo sandbox and read the analysis output.
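The three-list routing decision described above, sketched as an added example that is not the project's own code. It assumes list entries are host names that also cover their subdomains, that the most restrictive matching list wins, and that unlisted or unparseable URLs go to the shared VM; all host names and function names are constructed for illustration.

```python
from enum import Enum
from urllib.parse import urlsplit

class Route(Enum):
    LOCAL = "white list: render locally"
    SHARED_VM = "grey list: render in the shared remote VM"
    CUCKOO_VM = "black list: render in the Cuckoo-instrumented VM"

# Constructed sample lists; every host name here is hypothetical.
WHITE = {"intranet.example", "docs.example"}
GREY = {"news.example"}
BLACK = {"bad.example", "ads.docs.example"}

def canonical_host(url):
    """Lower-cased ASCII host of an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.rstrip(".")   # .hostname drops userinfo and port
    try:
        return host.encode("idna").decode("ascii") or None
    except UnicodeError:        # empty or over-long label
        return None

def listed(host, entries):
    """True if host equals an entry or is a subdomain of one."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in entries for i in range(len(labels)))

def route(url):
    """Most restrictive match wins; anything unclassifiable stays remote."""
    host = canonical_host(url)
    if host is None:
        return Route.SHARED_VM          # assumption: fail closed
    if listed(host, BLACK):
        return Route.CUCKOO_VM
    if listed(host, WHITE) and not listed(host, GREY):
        return Route.LOCAL
    return Route.SHARED_VM              # grey-listed or unlisted (assumption)
```

Matching on whole DNS labels of the parsed host, rather than on a substring of the URL, is what keeps a white-list entry from being satisfied by a lookalike host or by a trusted name placed in the userinfo part of the URL.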
Impact and Benefits:
Allowing each separate browser tab to be rendered
in an isolated VM will increase overall computer
security and give malware analysts the ability to
acquire and assess malware samples without
exposing their local machine. This will also deliver
an added level of network safety in areas where
many users are connected to the same network,
such as Sandia.
Future Work:
An important aspect to furthering this project is
exploring ways to improve user friendliness and
finding secure methods of saving cookies,
bookmarks, and other user preferences.
Additionally, performance will be improved by
utilizing a more efficient alternative to RDP. A File
Transfer Protocol (FTP) server will be incorporated
to facilitate file sharing between the client and
server after introspection has been completed on
any suspicious downloaded files.
Figure 1: System Architecture