The National Science Foundation (NSF) has announced four new flagship funding awards through the Secure and Trustworthy Cyberspace (SaTC) program, including for a project focused on securing web browser operations led by Hovav Shacham, professor of computer science at the University of Texas at Austin.
A key element of web browsers is called a Just-In-Time compiler (JIT), which is designed to speed up webpage loading and functionality. But JavaScript JITs can and have been exploited by attackers to target vulnerable users. The goal of Shacham's research project is to build and deploy more secure JavaScript JITs.
"Everyday users are being targeted by malware that takes advantage of bugs in browser JavaScript compilers," Shacham said. "Through this project, we will bring together experts in security, programming languages, compilers and formal verification to build JavaScript compilers that can eliminate such attacks by design."
Bugs in JavaScript JITs have emerged as the single largest threat to web platform security and the most dangerous attack surface of web-connected devices. To tackle this challenge, investigators from UT Austin and the University of California San Diego will develop new techniques, frameworks, and principles that (1) help browser developers build JIT compilers that are provably secure and (2) don't incur the high costs and development timelines traditionally associated with high-assurance software. If successful, this project will improve security for the hundreds of millions of people who surf the web every day.
These four flagship awards from the NSF are complemented by over 100 other SaTC awards made over the past year, for a total investment of nearly $80 million to tackle cybersecurity issues long term. As a whole, these awards reflect SaTC's vision that cybersecurity is a socio-technical problem that requires cross-disciplinary solutions to the challenges facing American society and the US economy. These projects bring together computer scientists and social scientists to address critical problems including inaccurate online information, vulnerabilities in widely used web browsers, and balancing the benefits and risks of encrypted communications – all necessary to protect the online experience central to modern American life, especially during the pandemic.
"To achieve a reliable cyberspace that enhances our Nation's economic, security, and socio-technical leadership, requires investments in foundational research that seeks innovative ideas to address cybersecurity and privacy, and result in reliable and resilient computing systems and online services that enhance our digital experiences," said NSF Program Director Jeremy Epstein.
Cross-posted from College of Natural Sciences