Microsoft's Ripley: A New Approach to Web App Integrity Security

I'd sure like to see something like this for Linux. Could be very useful for secure helpdesk troubleshooting. Are you already doing something like this with a secured VNC? Nowadays, it's easy for developers to build fully fledged applications that run inside the browser. Keeping these applications safe from hackers is another matter. With this in mind, scientists at Microsoft Research have unveiled a new way to secure complex Web applications by effectively cloning the user's browser and running it remotely.

Many of the latest Web applications split their executable code between the server and the client. The problem is detecting whether the code running on the user's home PC has been compromised in some way. The new Microsoft solution, known as Ripley, was announced on Tuesday at the Association for Computing Machinery's Computer and Communications Security Conference in Chicago.

Ripley goes further than previous efforts to secure the integrity of Web applications. "It takes integrity protection to its logical extreme," says Adam Barth, a researcher at the University of California, Berkeley who specializes in the security of Web applications. He was not involved with the project. "Instead of just verifying that a request came from the proper website, Ripley verifies that the user's actions are actually allowed by the application's user interface."

The link for this article located at Technology Review is no longer available.