06.18.08
Firefox 3 is out
The title of this post should speak for itself. To see the list of recent improvements or to download this new version, head over to getfirefox.com.
News, computing, teaching, intense reflections and a few other absurdities
As I mentioned a few months ago, two of my master's students have been working for the best part of one year on improving the security of extensions in Firefox and Thunderbird. To sum up the current situation in Firefox, extensions have no protection mechanism from each other, nor is the core of Firefox protected in any way from extensions. The objective of this work was to design and implement a mechanism allowing system administrators to define fine-grained policies for accepting or rejecting interactions between extensions or between extensions and the core of Firefox.
As mentioned a few times, I have (had) two students working on a Thunderbird extension to support confidentiality and help avoid involuntary leaks of critical information by e-mail. Yesterday, these students officially turned this project in, which gave me and my colleagues the opportunity to review the code and documentation.
So, what works?
All in all, that’s about 150 lines of code in JavaScript, XUL, C and C++. Not quite ready for prime-time but a good 0.1 release. I expect either the students or I will upload it somewhere for public release in the near future.
A few months ago, I introduced “MLS for Thunderbird”, an ongoing effort to add support for confidentiality in Thunderbird. After long months of silence, it seems that this student project, undertaken by Vincent Tarbouriech and Roland Thaisong, two master's students at ENSI Bourges, is finally getting somewhere.
This extension interfaces with the underlying operating system (SELinux for now) to determine your security level and, if possible, that of your correspondents. If you attempt to send an e-mail to some recipient whose security level is lower than yours, Thunderbird will warn you that a declassification is going to happen.
A few months ago, I started JStify, a project for static analysis of programs written in JavaScript 2.
While this work has seen some progress, to my regret, I have received instructions to de-prioritize that project. According to my estimates, this will entail a delay of at least one year on JStify.
The good news is that the project which has been prioritized, Extrapol, shares a number of traits with JStify. I will try and post a more complete presentation of Extrapol later this week. Without entering all the details for now, let’s just say that Extrapol is also a static analyzer written in OCaml, although this one targets C. It is my hope that most of the experience gathered with Extrapol will prove useful when JStify resumes.
OpenBerg Lector is my hobbyhorse: an e-book reading application that plugs into Firefox. Well, today my hobbyhorse was reviewed on TeleRead, one of the most important blogs about e-books. The verdict?
Lector has now set the bar that other e-readers will have to meet.
I have to admit, that feels good.
Work on JStify proceeds a bit slower than expected, due to difficulties with the specifications & Reference Implementation of ECMAScript 4.
Ta-da! OpenBerg Lector, a free-software e-book reader, is now a recognized Firefox extension that can be downloaded from the official Firefox extensions site. Well, now I will have to find the time to work on the next version.
This entry is a brief presentation of a work in progress by my second group of students at ENSI de Bourges, Benjamin Meslin and Jeremy Colombet.
As I detailed in a previous entry, Firefox Extensions — just like their counterparts in Internet Explorer, Safari or Air — are essentially unsafe: once an extension is installed, nothing prevents it from reading, writing or removing files on the user’s hard drive or running arbitrary programs or downloading further instructions from a malicious web site. More subtle problems may also arise, as a malicious extension may read or alter the data of Firefox or of another extension during its execution, so as to, say, steal passwords or reroute transparently from a legitimate website to an identical but forged website.
Now, most recent operating systems have a form of Mandatory Access Control layer (sometimes marketed as “sandboxes”), designed to permit refined security checks of what a program should be able to do when used by a given person and in a given role. Unfortunately, in the current state of things, these layers are entirely ill-suited to universal clients such as web browsers (or virtual machines, by the way), which act as smaller operating systems themselves, without a clear separation of roles or uses.
That doesn’t mean that MAC can’t be made to work for Firefox, of course. Just that it needs work.