ATProto Browser

ATProto Browser

Experimental browser for the Atmosphere

Post

WEBCAT: Web-based Code Assurance and Transparency (Giulio Berra) ia.cr/2025/797

May 5, 2025, 2:34 AM

Record data

{
  "uri": "at://did:plc:fwa55bujvdrwlwlwgqmmxmuf/app.bsky.feed.post/3lofdg6joqw2i",
  "cid": "bafyreihahfjdvx5vishy7dzoxxid4shfizojiofru22zssvnp3e3wsas3y",
  "value": {
    "text": "WEBCAT: Web-based Code Assurance and Transparency (Giulio Berra) ia.cr/2025/797",
    "$type": "app.bsky.feed.post",
    "embed": {
      "$type": "app.bsky.embed.images",
      "images": [
        {
          "alt": "Abstract. Ensuring code integrity in browser-based applications remains a longstanding challenge exacerbated by the complexity of modern web environments. We propose Web-based Code Assurance and Transparency, a novel code integrity verification and enforcement mechanism that prevents the execution of unverified code, unlike previous approaches premised on user-visible error indicators or permissive failure modes. WEBCAT remains compatible with modern web features, uses existing cryptographic components without reinventing primitives or requiring expensive infrastructure, and provides verifiable logs of all system components, even under degraded operational conditions. It follows a separation-of-concerns model in which hosting providers require no special trust or cryptographic keys to deploy developer-signed applications, reflecting real-world deployment scenarios in which trusted applications may be served by multiple less-trusted hosts.\n\nWe evaluate our approach by porting Jitsi, GlobaLeaks, Element, CryptPad, Standard Notes, and Bitwarden, demonstrating compatibility across a diverse set of applications. Benchmark results indicate an overhead of up to 2% for non-enrolled domains on cold starts and up to 20% for enrolled ones. Under warm start conditions, the overhead reaches 25% for enrolled domains and 5% for non-enrolled ones—lower than previous methods while addressing a larger threat model and remaining compatible with existing applications.\n",
          "image": {
            "$type": "blob",
            "ref": {
              "$link": "bafkreihige5hc5uweg7l6qpmxmhix6f2nwtme4ocs7w7ezffmtql27dbee"
            },
            "mimeType": "image/png",
            "size": 96769
          },
          "aspectRatio": {
            "width": 1200,
            "height": 800
          }
        },
        {
          "alt": "Image showing part 2 of abstract.",
          "image": {
            "$type": "blob",
            "ref": {
              "$link": "bafkreidiymzn7slqbcgd26ed25w2s4mjewtdggcy7zd7vgg7jfhqjvdhhi"
            },
            "mimeType": "image/png",
            "size": 43479
          },
          "aspectRatio": {
            "width": 1200,
            "height": 800
          }
        }
      ]
    },
    "facets": [
      {
        "index": {
          "byteEnd": 79,
          "byteStart": 65
        },
        "features": [
          {
            "uri": "https://ia.cr/2025/797",
            "$type": "app.bsky.richtext.facet#link"
          }
        ]
      }
    ],
    "createdAt": "2025-05-05T02:34:37.782591Z"
  }
}