Verified Security for Browser Extensions

Guha, Arjun; Fredrikson, Matthew; Livshits, Benjamin; Swamy, Nikhil

doi:10.1109/sp.2011.36

Cited by 86 publications

(66 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…IBEX proposed writing extensions in a high-level language (FINE) that can later by analyzed to ensure conformance with specific policies [21]. In contrast, our work does not require significant changes to web applications.…”

Section: Related Workmentioning

confidence: 99%

Data-Confined HTML5 Applications

Akhawe

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Rich client-side applications written in HTML5 proliferate diverse platforms such as mobile devices, commodity PCs, and the web platform. These client-side HTML5 applications are increasingly accessing sensitive data, including users' personal and social data, sensor data, and capability-bearing tokens. To fulfill their security and privacy guarantees, these applications need to maintain certain data-confinement invariants. These invariants are not explicitly stated in today's HTML5 applications and are enforced using ad-hoc mechanisms. The complexity of web applications, coupled with hard-to-analyze client-side languages, leads to low-assurance data-confinement mechanisms in which the whole application needs to be in the TCB to ensure data-confinement invariants.We propose a new mechanism called a data-confined sandbox or DCS. A DCS enables complete mediation of communication channels in a high-assurance, small-TCB manner. Our primitive extends currently standardized primitives and has negligible performance overhead and a modest compatibility cost to retrofit into existing applications. We re-implement four real-world HTML5 applications with our proposed design with a small amount of effort, achieving much stronger data-confinement guarantees. We also study over twenty HTML5 applications and find that dataconfinement invariants are implicit in the vast majority of them and crucial to achieving their privacy expectations.

show abstract

Section: Related Workmentioning

confidence: 99%

Data-Confined HTML5 Applications

Akhawe

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Similarly, Dhawan and Ganapathy [6] propose SABRE, a framework for dynamically tracking in-browser information flows to detect when a JavaScript extension attempts to compromise browser security. Guha et al [11] propose IBEX, a framework for extension authors to develop extensions with verifiable access control policies, and for curators to detect policy-violating extensions through static analysis. Wang et al [26] dynamically track and examine the behavior of Firefox extensions using an instrumented browser and a test web site.…”

Section: Related Workmentioning

confidence: 99%

Securing Legacy Firefox Extensions with SENTINEL

Onarlıoğlu

Battal

Robertson

et al. 2013

Detection of Intrusions and Malware, and Vulnerability Assessment

View full text Add to dashboard Cite

Abstract.A poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at "benign-but-buggy" extensions, as well as extensions that have been written with malicious intents pose significant security threats to a system running such components. Recent studies have indeed shown that many Firefox extensions are over-privileged, making them attractive attack targets. Unfortunately, users currently do not have many options when it comes to protecting themselves from extensions that may potentially be malicious. Once installed and executed, the extension needs to be trusted. This paper introduces Sentinel, a policy enforcer for the Firefox browser that gives fine-grained control to the user over the actions of existing JavaScript Firefox extensions. The user is able to define policies (or use predefined ones) and block common attacks such as data exfiltration, remote code execution, saved password theft, and preference modification. Our evaluation of Sentinel shows that our prototype implementation can effectively prevent concrete, realworld Firefox extension attacks without a detrimental impact on users' browsing experience.

show abstract

“…IBEX Guha et al [14] develop Fine, a secure-by-construction language for writing extensions. Fine is pure, dependently-typed, and bears no resemblance to idiomatic JS.…”

mentioning

confidence: 99%

Verifying Web Browser Extensions’ Compliance with Private-Browsing Mode

Lerner

Elberty

Poole

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Modern web browsers implement a private browsing mode that is intended to leave behind no traces of a user's browsing activity on their computer. This feature is in direct tension with support for extensions, which can silently void this guarantee. We create a static type system to analyze JavaScript extensions for observation of private browsing mode. Using this type system, extension authors and app stores can convince themselves of an extension's safety for private browsing mode. In addition, some extensions intentionally violate the private browsing guarantee; our type system accommodates this with a small annotation overhead, proportional to the degree of violation. These annotations let code auditors narrow their focus to a small fraction of the extension's codebase. We have retrofitted type annotations to Firefox's a p is and to a sample of actively used Firefox extensions. We used the type system to verify several extensions as safe, find actual bugs in several others (most of which have been confirmed by their authors), and find dubious behavior in the rest. Firefox 20, released April 2, 2013, implements a finer-grained private browsing mode; we sketch both the new challenges in this implementation and how our approach can handle them.

show abstract

Verified Security for Browser Extensions

Cited by 86 publications

References 12 publications

Data-Confined HTML5 Applications

Data-Confined HTML5 Applications

Securing Legacy Firefox Extensions with SENTINEL

Verifying Web Browser Extensions’ Compliance with Private-Browsing Mode

Contact Info

Product

Resources

About