Security/Safe Browsing/V4 Implementation

From MozillaWiki
< Security‎ | Safe Browsing
Revision as of 09:57, 27 July 2016 by Ethantseng (talk | contribs) (Move dashboards to an independent page.)
Jump to navigation Jump to search

Introduction

Safe Browsing v4 is designed to reduce network bandwidth and disk storage (mainly for mobile devices). The usage of partial URL hashes (aka prefixes) and complete hashes remains the same but the way we get those prefixes and complete hashes is changed. The update and hash completion API will be based on protobuf and content compression (in additional to HTTP compression) is introduced. For further information, see https://developers.google.com/safe-browsing/v4 (The public specification is not complete. For example, the protobuf is not mentioned.)

Design and Implementation

To have v2 and v4 run in parallel, we must carefully refactor some core components like ListManager and HashCompleter. Instead of having a master preference to switch between v2 and v4, we take the "table name driven" approach. The plan is to add a separate provider called google4, which owns v4 tables: goog-phish-proto, goog-unwanted-proto and goog-malware-proto. The suffix "-proto" indicates that the table should be updated and completed via protobuf. Besides, the new provider google4 has its own updateURL and gethashURL. You can consider google4 yet another provider like mozilla.

When ListManager and HashCompleter (and any other related components like ProtocolParser) sees table names suffixed by "-proto", they would behave differently. For example, in listmanager.js, while making update request for table goog-phish-proto, nsIUrlClassifier.makeUpdateRequestV4 will be called to build a v4 specific request. (See bug 1264885 and bug 1275507 for more information.)

Milestones

All of the V4 bugs can be seen in this dependency tree.
And they are tracked by this dashboard

M0 (2016/7/31)

Deliverables

  1. Send v4 update request on time
  2. Parse v4 update response but not store to disk
  3. Use v4 request backoff settings
  4. v2 will still be up and running

Notes

  1. v4 table download/update will be opt-in.
  2. To test M0 features, modify the following preferences:
    • urlclassifier.malwareTable ==> Add goog-malware-proto and goog-unwanted-proto
    • urlclassifier.phishTable ==> Add goog-phish-proto

Bugs

Dashboard for M0 bugs


M1 (2016/9/30)

Deliverables

  1. Store v4 tables to disk (including fixed and variable length prefixes)
  2. Store table states
  3. Split v4 tables to different directory per provider

Bugs

Dashboard for M1 bugs


M2 (Right before Hawaii Workweek)

Deliverables

  1. Check v4 prefixes (in addition to v4) but ignore the result
  2. v2/v4 prefix matching consistency telemetry (e.g. v2/v4 should both 'have' or 'not have' certain URL hash)
    1. Be careful of the variable length prefixes: it's possible to get a 32-bit prefix match for foo.com in V2 and no match on V4 because that entry uses a 48-bit prefix instead

Bugs

Dashboard for M2 bugs


M3 (Deadline TBD)

Deliverables

  1. Do and use v4 complete hashes (in addition to v2) but ignore the result
  2. v2/v4 URL hash matching consistency telemetry

Bugs

Dashboard for M3 bugs


M4 (Deadline TBD)

Deliverables

  1. Cache
  2. Anything else

Bugs

Dashboard for M4 bugs


M5 (Deadline TBD)

Deliverables

  1. Enable v4 by default!

Bugs

Dashboard for M5 bugs