Web browsers are conquering more and more areas of our interactions with IT systems. In fact, they are increasingly taking over the role of operating systems: critical parts of personal or business life are supported by web apps, i.e., executed in the browser.

Moreover, browsers extensions or apps allow users to extend the functionality. Thus, users of web browsers do not only need to trust the browser vendor and the web service provider: browser extensions can access everything happening in the browser and, thus, can modify any data that is shown to users as well as any data that is sent to a web service.

To address this problem, we recently started to develop novel security models for browser extensions that focus on protecting the security and privacy of the users of web browsers.

Important Publications

A. D. Brucker and M. Herzberg, “A formal semantics of the Core DOM in Isabelle/HOL,” in The 2018 web conference companion (WWW), 2018, pp. 741–749. doi: 10.1145/3184558.3185980.
A. D. Brucker and M. Herzberg, “Formalizing (web) standards: An application of test and proof,” in TAP 2018: Tests and proofs, C. Dubois and B. Wolff, Eds. Heidelberg: Springer-Verlag, 2018, pp. 159–166. doi: 10.1007/978-3-319-92994-1_9.