By: Felysha Walker
Mozilla awarded Dr. Jeff Huang, assistant professor in the Department of Computer Science and Engineering at Texas A&M University, a grant to support his significant research in detecting and eliminating web browser-based attacks. Specifically, Huang is focused on developing automated tools to protect web browsers from memory corruption vulnerabilities.
Memory corruption is currently posing the greatest threat to browser security. By exploiting a memory corruption bug in browsers, attackers may read or even change the user’s private data.
“The security issues inside the browsers are very serious because there are so many malicious websites and billions of users,” Huang said. “Once you open a tab to visit a potentially malicious website, the code in that website can steal data in your browser.”
For example, when you use a browser such as Mozilla Firefox or Google Chrome and log in to your bank’s website, you are using a space in your browser’s memory. If you open a new tab and visit a malicious website, bugs can infiltrate and share this space of memory, giving attackers access to your bank information.
This programming flaw is particularly difficult to remedy, but Huang and his team have already developed and open-sourced automated tools to detect these vulnerabilities.
“The goal is to have a tool that is automatically setup when Firefox and Chrome release a new version,” Huang said. “The tool will automatically scan the browser’s code, inspect its behavior and combat any potential memory corruption vulnerabilities. It’s going to be very helpful and protect billions of people a day.”
Huang’s automated tool has already surpassed existing technology in its ability to find these bugs. With the support of this grant, he plans to learn more about browsers and how to enhance his tools to better detect and debug them.
“Long term, I am interested to see the technical transfer of this technology to other areas, such as computer operating systems,” Huang said.
Of the 115 submitted proposals, Mozilla selected eight for the Mozilla Research Grant. Huang was also awarded the Google Faculty Research Award earlier this year for his work with memory corruption vulnerabilities and is collaborating with Google security on his research.