User:Rjain9

From Expertiza_Wiki
Revision as of 02:16, 10 November 2016 by Rjain9 (talk | contribs)
Jump to navigation Jump to search

M1654: Improve network security features for Servo (cookies and strict referrer policies)

Introduction

Servo

Servo is a modern high-performance browser engine designed for both application and embedded use which is written in Rust. It is created by Mozilla Research and is being built by a global community of individual contributors and companies such as Mozilla and Samsung.

HTTP Cookie

An HTTP Cookie is a small part of data which is sent by the website to the user's computer and is stored by the user's web browser while the user is browsing. A cookie is mainly used for recording a user's browsing activity or to remember stateful information for the websites.

Rust

Rust is a systems programming language developed and maintained by Mozilla. It is used as a multi-paradigm, compiled programming language for creating highly safe systems. Rust can be used for a variety of jobs including and not restricted to embedding into other languages, creating modular and optimized programs adhering to space-time constraints and can also be used to develop low-level code for writing device drivers.

Project Description

The goal of this project is to implement newer, more secure standards, and complete missing pieces of existing ones, in order to increase the security available to users of the Servo browser. The project entails adding improved network security features for Servo engine by implementing a maximum number of cookies per host, and restricting insecure cookies from overwriting secure ones. The initial steps for this project have been completed as part of the OSS Project.

Tasks

1) Compile Servo and ensure that it runs on tests/html/about-mozilla.html

2) Redesign CookieStorage to store cookies in a HashMap where the key is the base domain of the cookie's source (ie. "www.google.co.uk" becomes "google.co.uk")

3) Store a max_per_host limit in CookieStorage that is checked when adding new cookies; evict the oldest cookie if the limit is reached (add tests to tests/unit/net/cookie.rs)

4) Implement the Leave Secure Cookies Alone specification - ensure that newly created insecure cookies cannot override existing secure cookies (add tests to tests/unit/net/cookie.rs)

Key People

Developers

  • Guru Darshan
  • Raghavendra Nayak
  • Rishi Jain
  • Tsung-Ying Chuang

Mentor

  • Ed Gehringer