University researchers from Texas and California are using the WebAssembly programming language to make the Firefox web browser more secure.
Researchers from UT-Austin, the University of California San Diego, Stanford University and engineers from Mozilla, the company that developed the Firefox browser, are developing the WebAssembly application, according to UT News.
“We really want to keep the people who use the browser secure, which means keep the number of bugs that attackers can exploit in browsers to take over my machine low,” UT computer science professor Hovav Shacham said.
The programming language is being used to shift portions of the browser’s code into “secure sandboxes” that prevent attackers from exploiting bugs in a program’s code, Shacham said.
“Secure sandboxes” isolate code that is used by the browser to perform specific functions away from private user data such as email passwords, said Shravan Narayan, computer science engineering graduate student at UC-San Diego.
Programs such as JavaScript are written in code that includes libraries, collections of prewritten code, that perform specific tasks such as font rendering and video decoding, Shacham said. Programming languages in these libraries often include bugs because it is difficult to write perfect code, he said.
“We sometimes take for granted the things that modern software can do,” Shacham said. “Displaying text in any language and script in the world or playing high-resolution videos are really miraculous.”
Shacham said that if attackers learn about bugs in these libraries, they can trigger the bugs and cause the program to perform unintended operations, such as stealing passwords or taking over the browser.
“Even in the worst-case situation where a browser crashes, that code would never have gotten your password,” Narayan said.
Shacham said the researchers are using WebAssembly because the program was built to run web content faster than browsers written in other programming languages. He said WebAssembly modules were built with mechanisms that restrict the operations of the programs running inside of them.
Deian Stefan, UC-San Diego computer science assistant professor, said the collaboration between researchers and Mozilla engineers has been successful.
“They’ve been super helpful in terms of both guiding us but also putting manpower to help us integrate this thing,” Stefan said.
The Mozilla engineers helped the researchers integrate the application into the Firefox browser and solve problems over the course of the project, Stefan said.