This is a project to develop a hardened browser that fulfils the security requirements for general secure Internet usage.
Required:
- No extensions possible (no BHOs, no ActiveX, no Java, no plugins, no extensions)
- Statically compiled
- Stripped
Binary Security: http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf
- No outside access (no externally accessible DOM)
- Strongly included SSL engine (no modularity between browser core and SSL engine)
- Branding must not conflict with licensing
- Freely available
- Good security-enhancing tools included
- Built-in petnames and other useful end-user security features
- Default URL bar that turns red if any non-HTTPS URL was loaded
Would be nice:
- Good usability for certificates
- Fine-grained control of which certificates are presented to which sites
- PKCS#11 API available for crypto hardware
- PKCS#11 drivers need to be compiled into the main executable and stripped; no dlopen() or equivalent should be allowed.
- Multiple variations of http/https handling:
  - Status quo
  - HTTP URLs turn the URL bar red
  - Disable HTTP
- Self-booting ISO for a secured system?
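The "statically compiled", "stripped" and "no dlopen() or equivalent" requirements above can be checked mechanically on every build artefact. The following is an added example, not code from the SecureBrowser project: it parses little-endian ELF64 program and section headers directly (so it needs neither readelf nor nm) and reports whether the binary still depends on the dynamic loader, still carries a symbol table, or references the dl* loader functions. The build_elf helper, the section layout it emits and the symbol names in the samples are constructed test fixtures, not real binaries.

```python
"""Build-artefact check for the 'statically compiled, stripped, no dlopen()'
requirements.  Added example; not code from the SecureBrowser project.
Parses little-endian ELF64 headers directly so it needs no readelf/nm."""
import struct

PT_DYNAMIC, PT_INTERP = 2, 3                    # program header types
SHT_SYMTAB, SHT_STRTAB, SHT_DYNSYM = 2, 3, 11   # section header types
LOADER_SYMBOLS = {"dlopen", "dlmopen", "dlsym", "dlvsym"}

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, 56 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")        # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")             # Elf64_Sym, 24 bytes


def _cstr(blob, off):
    """NUL-terminated string at offset `off` inside a string table."""
    return blob[off:blob.index(b"\0", off)].decode("ascii", "replace")


def audit_elf(data):
    """Inspect one in-memory ELF64 LE image and return the findings."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (_, _, _, _, _, phoff, shoff, _, _, phentsize, phnum,
     shentsize, shnum, _) = EHDR.unpack_from(data, 0)
    ptypes = {PHDR.unpack_from(data, phoff + i * phentsize)[0]
              for i in range(phnum)}
    shdrs = [SHDR.unpack_from(data, shoff + i * shentsize)
             for i in range(shnum)]
    # Section header tuple: 0 name 1 type 2 flags 3 addr 4 offset 5 size
    #                       6 link 7 info 8 addralign 9 entsize
    loader_refs = set()
    for sh in shdrs:
        if sh[1] not in (SHT_SYMTAB, SHT_DYNSYM):
            continue
        strtab = shdrs[sh[6]]                     # sh_link -> string table
        names = data[strtab[4]:strtab[4] + strtab[5]]
        for off in range(sh[4], sh[4] + sh[5], SYM.size):
            name = _cstr(names, SYM.unpack_from(data, off)[0])
            if name in LOADER_SYMBOLS:
                loader_refs.add(name)
    return {
        # PT_INTERP names ld.so and PT_DYNAMIC carries the import list;
        # either one means the binary is not statically linked.
        "static": not ptypes & {PT_INTERP, PT_DYNAMIC},
        # `strip` removes .symtab; .dynsym must stay in a dynamic binary.
        "stripped": not any(sh[1] == SHT_SYMTAB for sh in shdrs),
        "loader_symbols": sorted(loader_refs),
        # A stripped static binary has no symbol table left to inspect, but
        # a static glibc that can still dlopen NSS modules keeps the string.
        "dlopen_string": b"dlopen" in data,
    }


def meets_requirements(data):
    f = audit_elf(data)
    return (f["static"] and f["stripped"]
            and not f["loader_symbols"] and not f["dlopen_string"])


def build_elf(dynamic, symtab_names=None, dynsym_names=None):
    """Constructed fixture: a minimal, non-executable ELF64 image whose
    headers model the properties above (assumption: not a real program)."""
    strings, offsets = bytearray(b"\0"), {}

    def intern(s):
        if s not in offsets:
            offsets[s] = len(strings)
            strings.extend(s.encode() + b"\0")
        return offsets[s]

    for n in [".strtab", ".symtab", ".dynsym"] + (symtab_names or []) + (dynsym_names or []):
        intern(n)

    def symtab(names_):
        return b"".join(SYM.pack(intern(n), 0, 0, 0, 0, 0) for n in names_)

    sym_blob, dyn_blob = symtab(symtab_names or []), symtab(dynsym_names or [])
    ptypes = [1] + ([PT_INTERP, PT_DYNAMIC] if dynamic else [])   # 1 = PT_LOAD
    str_off = EHDR.size + PHDR.size * len(ptypes)
    sym_off = str_off + len(strings)
    dyn_off = sym_off + len(sym_blob)
    shoff = dyn_off + len(dyn_blob)
    shdrs = [SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),
             SHDR.pack(intern(".strtab"), SHT_STRTAB, 0, 0, str_off, len(strings), 0, 0, 1, 0)]
    if symtab_names is not None:
        shdrs.append(SHDR.pack(intern(".symtab"), SHT_SYMTAB, 0, 0, sym_off, len(sym_blob), 1, 0, 8, SYM.size))
    if dynsym_names is not None:
        shdrs.append(SHDR.pack(intern(".dynsym"), SHT_DYNSYM, 0, 0, dyn_off, len(dyn_blob), 1, 0, 8, SYM.size))
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9          # ELF64, little-endian
    ehdr = EHDR.pack(ident, 2, 62, 1, 0, EHDR.size, shoff, 0, EHDR.size,
                     PHDR.size, len(ptypes), SHDR.size, len(shdrs), 1)
    phdrs = b"".join(PHDR.pack(t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    return ehdr + phdrs + bytes(strings) + sym_blob + dyn_blob + b"".join(shdrs)


if __name__ == "__main__":
    print(audit_elf(build_elf(dynamic=True, dynsym_names=["printf", "dlopen"])))
    print(meets_requirements(build_elf(dynamic=False)))
```

On a real build, read the produced firefox binary into `data` and run audit_elf on it; the dlopen_string finding is a conservative heuristic, so treat a hit as something to look at in the link map rather than as proof by itself.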
PKCS#11 Considerations: Both OpenCT and pcsc-lite provide card reader access over UNIX domain sockets; OpenCT can additionally expose the reader over TCP/IP or UNIX domain sockets through ifdproxy. Since the card reader driver varies from vendor to vendor and the browser talks to it only through a socket, a buggy or malicious reader driver cannot corrupt the browser's address space; the only attack surface left is the browser's parsing of what comes back over the socket, which must be checked properly.

Device-dependent drivers would be scary to code if we want portability, and hotplugging would be a nightmare, so requiring a separate daemon that is responsible for the readers sounds sane enough. The OpenSC project's OpenCT is growing fast and seems promising; it works on Windows and many Unixes, flawlessly. pcsc-lite is the legacy daemon, with most drivers available, and is an attempt to implement something like the Windows PC/SC infrastructure. Both OpenCT and pcsc-lite can use each other's drivers via bridge drivers if both daemons are running.
Project Team
- Philipp Gühring
- Evaldo Gardenali
Please add yourself to the list if you are interested.
Project Plan
- Build up the core-team
- Setup the code repository
- Create the first demo: minimum requirements, only one platform.
- Create and implement most of the patches
- Build useable builds for all platforms
Project Repository
The project repository is a Subversion repository. You can check out your copy with:
svn co http://www2.futureware.at/svn/sourcerer/SecureBrowser
To get write permission, please contact Philipp.
Assigned Tasks
Task | Person | Estimate
Project Management | Philipp | 50 Days
Linux Builds | | 1 Week
Windows Builds | | 1 Week
Apple Builds | | 1 Week
Reviewing all Firefox Extensions regarding usability | | 1 Week
Reviewing all (open+closed) Firefox Security issues | | 1 Week
Tester Group | | 30 Days
Developer Documentation | |
User Documentation | | 1 Week
Secure Branding (graphics) | | 1 Week
Branding Documentation | | 1 Week
Sales Team | |
Localization | | 1 Week
Export Control | | 2 Days
Patch for statically compileable Firefox | | 1 Month
Patch for disabling extensions | | 1 Day
Patch for only signed extensions | | 1 Week
Patch for disabling dynamic configuration | | 3 Days
Patch for disabling about:config | | 1 Day
Patch for statically compiled root certificate list | | 1 Day
Patch for disabling DOM for JavaScript | | 1 Week
Patch for only signed plugins | | 2 Weeks
Patch for polymorphic encryption of binary | | 1 Month
Patch for strongly included SSL engine | | 1 Week
Patch for turning URL bar red for non-HTTPS parts in the page | | 1 Day
Patch for disabling http: | | 1 Day
Patch for disabling file: | | 1 Day
Patch for disabling data: | | 1 Day
Patch for disabling resource: | | 1 Day
Patch for removing Google Backdoors | | 1 Week
Patch for unremovable URL bar in all windows | | 2 Days
Patch for statically included PKCS#11 drivers | | 1 Week
Patch for improved client certificate handling | | 2 Weeks
Patch to remove all dlopen() functions | | 3 Days
Patch to disable caching of SSL data, or caching in encrypted form | | ?
Patch to include the red button (closing all secure connections, dropping credentials, logging out of PKCS#11 devices; always visible when one of these is active; an extension of Firefox's "Clear Private Data") | | ?
Patch to ensure all password/PIN entries are done while keyboard and mouse are grabbed, to avoid X sniffing attacks | | ?
Patch to have a certificate-presentation blacklist+whitelist and the option to remember the setting when you first visit a website. Having to allow the certificate 6 times for a single website is annoying for sites like Google Accounts (AdSense was reported to do it) | | ?
Determine and warn the user if the X connection is via TCP/IP to anything other than 127.0.0.1 (see $DISPLAY), because application and keyboard/mouse data then travel in cleartext | | ?
Patch for Linux kernel: DropMyRights / capabilities to limit user capabilities | | 1 Week
Patch for X Server to secure XTEST and other security-relevant X protocol extensions | | 1 Week
The marked entries are necessary tasks for the first Demonstration version.
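The URL-scheme patches in the table (turning the URL bar red for non-HTTPS parts, disabling http:, file:, data: and resource:) amount to one policy decision per resolved URL. The following is an added example, not the project's code: it resolves each reference against the page URL first, so relative and protocol-relative references inherit the page's https: while an explicit http: does not, applies the three http handling variants from the requirements (status quo, red bar, disabled), and denies the schemes the task list names. The mode names, function names and sample references are assumptions made for this example.

```python
"""URL-scheme policy behind the 'red URL bar' and scheme-disabling patches.
Added example; not code from the SecureBrowser project.  Mode names,
function names and sample references are assumptions for this example."""
from urllib.parse import urljoin, urlsplit

# The three http/https variants listed under "Would be nice".
STATUS_QUO = "status-quo"    # http loads silently
RED_BAR = "red-bar"          # http loads, URL bar turns red
HTTPS_ONLY = "https-only"    # http is blocked outright
# Schemes the task list disables; anything else unknown is denied as well.
BLOCKED_SCHEMES = {"file", "data", "resource"}


def classify(page_url, ref, mode):
    """Resolve `ref` as the page would, then decide allow / allow-insecure / block.

    Resolving first matters: "img/x.png" and "//cdn.example/x.js" carry no
    scheme of their own and inherit the page's https:, while "http://..."
    does not.  urlsplit() lower-cases the scheme, so "HTTP://" is caught."""
    target = urljoin(page_url, ref)
    scheme = urlsplit(target).scheme
    if scheme == "https":
        return target, "allow"
    if scheme == "http":
        return target, "block" if mode == HTTPS_ONLY else "allow-insecure"
    return target, "block"      # file:, data:, resource: and anything unknown


def page_allowed(page_url, mode):
    """Top-level navigation: https always; http only outside HTTPS_ONLY."""
    return classify(page_url, page_url, mode)[1] != "block"


def url_bar_colour(page_url, refs, mode):
    """'red' when the page itself or any sub-resource is fetched over plain
    http, 'default' otherwise.  STATUS_QUO signals nothing by definition;
    in HTTPS_ONLY nothing insecure can load, so the bar stays default."""
    if mode != RED_BAR:
        return "default"
    urls = [page_url] + list(refs)
    insecure = any(classify(page_url, u, mode)[1] == "allow-insecure" for u in urls)
    return "red" if insecure else "default"


# Constructed sample: an https page pulling in one relative image, one
# protocol-relative script, one plain-http script and two blocked schemes.
SAMPLE_PAGE = "https://bank.example/acct/"
SAMPLE_REFS = ["img/logo.png", "//cdn.example/a.js", "HTTP://cdn.example/b.js",
               "data:text/html,<script>", "resource://gre/x"]

if __name__ == "__main__":
    for r in SAMPLE_REFS:
        print(r, "->", classify(SAMPLE_PAGE, r, RED_BAR))
    print("URL bar:", url_bar_colour(SAMPLE_PAGE, SAMPLE_REFS, RED_BAR))
```

In the browser the same decision has to be re-applied to the final URL of every fetch, not only to the URL written in the page: a sub-resource requested over https: that is redirected to http: must flip the bar (or be blocked) just like a plain http: reference.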