Enhancing web browser security against malware extensions

Louw, Mike Ter; Lim, Jin Soon; Venkatakrishnan, V.

doi:10.1007/s11416-007-0078-5

Cited by 65 publications

(20 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…5. Ter Louw et al [23,24] present a code integrity checking mechanism for extension installation and a policy enforcement framework built into XPConnect and SpiderMonkey. In comparison, our approach is lighter, and we do not modify the core components or architecture of Firefox.…”

Section: Related Workmentioning

confidence: 99%

Securing Legacy Firefox Extensions with SENTINEL

Onarlıoğlu

Battal

Robertson

et al. 2013

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

Abstract.A poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at "benign-but-buggy" extensions, as well as extensions that have been written with malicious intents pose significant security threats to a system running such components. Recent studies have indeed shown that many Firefox extensions are over-privileged, making them attractive attack targets. Unfortunately, users currently do not have many options when it comes to protecting themselves from extensions that may potentially be malicious. Once installed and executed, the extension needs to be trusted. This paper introduces Sentinel, a policy enforcer for the Firefox browser that gives fine-grained control to the user over the actions of existing JavaScript Firefox extensions. The user is able to define policies (or use predefined ones) and block common attacks such as data exfiltration, remote code execution, saved password theft, and preference modification. Our evaluation of Sentinel shows that our prototype implementation can effectively prevent concrete, realworld Firefox extension attacks without a detrimental impact on users' browsing experience.

show abstract

Section: Related Workmentioning

confidence: 99%

Securing Legacy Firefox Extensions with SENTINEL

Onarlıoğlu

Battal

Robertson

et al. 2013

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

show abstract

“…We evaluated Sabre with four JSEs that had known instances of malicious flows. These included two JSEs that contained exploitable vulnerabilities (Greasemonkey v0.3.3 and Firebug v1.01) and two publicly-available malicious JSEs (FFSniFF [13] and BrowserSpy [41]). …”

Section: Effectivenessmentioning

confidence: 99%

“…Ter-Louw et al [41] were the first to address the security of JSEs. However, as discussed in Section 1, their work was based on monitoring XPCOM calls; being coarse-grained, their approach can have both false positives and negatives.…”

Section: Related Workmentioning

confidence: 99%

“…Examples of such JSEs exist in the wild. They are extremely easy to create and can avoid detection using stealth techniques [11,13,14,15,18,41]. Indeed, we wrote several such JSEs during the course of this project.…”

Section: Introductionmentioning

confidence: 99%

“…Ter-Louw et al [41] developed a runtime agent to detect malicious JSEs by monitoring XP-COM calls and ensuring that these calls conform to a userdefined security policy. Such a security policy may, for instance, prevent a JSE from accessing the network after it has accessed browsing history.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Analyzing Information Flow in JavaScript-Based Browser Extensions

Dhawan

Ganapathy

2009

2009 Annual Computer Security Applications Conference

104

View full text Add to dashboard Cite

JavaScript-based browser extensions (JSEs) enhance the core functionality of web browsers by improving their look and feel, and are widely available for commodity browsers. To enable a rich set of functionalities, browsers typically execute JSEs with elevated privileges. For example, unlike JavaScript code in a web application, code in a JSE is not constrained by the same-origin policy. Malicious JSEs can misuse these privileges to compromise confidentiality and integrity, e.g., by stealing sensitive information, such as cookies and saved passwords, or executing arbitrary code on the host system. Even if a JSE is not overtly malicious, vulnerabilities in the JSE and the browser may allow a remote attacker to compromise browser security.We present Sabre (Security Architecture for Browser Extensions), a system that uses in-browser information-flow tracking to analyze JSEs. Sabre associates a label with each in-memory JavaScript object in the browser, which determines whether the object contains sensitive information. Sabre propagates labels as objects are modified by the JSE and passed between browser subsystems. Sabre raises an alert if an object containing sensitive information is accessed in an unsafe way, e.g., if a JSE attempts to send the object over the network or write it to a file. We implemented Sabre by modifying the Firefox browser and evaluated it using both malicious JSEs as well as benign ones that contained exploitable vulnerabilities. Our experiments show that Sabre can precisely identify potential information flow violations by JSEs.

show abstract

Desktop Browser Extension Security and Privacy Issues

Ursell

Hayajneh

2019

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

Enhancing web browser security against malware extensions

Cited by 65 publications

References 10 publications

Securing Legacy Firefox Extensions with SENTINEL

Securing Legacy Firefox Extensions with SENTINEL

Analyzing Information Flow in JavaScript-Based Browser Extensions

Desktop Browser Extension Security and Privacy Issues

Contact Info

Product

Resources

About