Beeswax: a platform for private web apps
Authors: Jean-Sébastien Légaré (University of British Columbia), Robert Sumi (University of British Columbia), William Aiello (University of British Columbia)
Volume: 2016
Issue: 3
Pages: 24–40
DOI: https://doi.org/10.1515/popets-2016-0014
Abstract: Even if a web-based messaging service offered confidential channels, how would users know whether their keys, or indeed even their plaintext, was not being exfiltrated? What if a variety of applications offered confidentiality? How would a user gain trust in all of them? In this paper we argue that a platform for private web applications is the only practical way for users to gain assurance about the confidentiality claims of a large number of full-featured web-services. We introduce Beeswax, a client-side platform that allows confidential data to be exchanged between users at the behest of an application, through a narrow set of APIs. Beeswax installs in a modern browser to deliver a complete practical solution, from key distribution to isolation of private data from the applications, thereby making an analysis of application code unnecessary. This focuses scrutiny and trust on the platform itself, rather than on all the applications using it.
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 license.
