Show simple item record

dc.contributor.advisorTekinerdoğan, Bediren_US
dc.contributor.authorBattal, Mustafaen_US
dc.date.accessioned2016-01-08T20:02:47Z
dc.date.available2016-01-08T20:02:47Z
dc.date.issued2014
dc.identifier.urihttp://hdl.handle.net/11693/16901
dc.descriptionAnkara : The Department of Computer Engineering and the Graduate School of Engineering and Science of Bilkent University, 2014.en_US
dc.descriptionThesis (Master's) -- Bilkent University, 2014.en_US
dc.descriptionIncludes bibliographical references leaves 41-44.en_US
dc.description.abstractA poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at “benign-butbuggy” extensions, as well as extensions that have been written with malicious intents pose significant security threats to a system running such components. Recent studies have indeed shown that many Firefox extensions are over-privileged, making them attractive attack targets. Unfortunately, users currently do not have many options when it comes to protecting themselves from extensions that may potentially be malicious. Once installed and executed, the extension needs to be trusted. This thesis introduces Sentinel, a policy enforcer for the Firefox browser that gives fine-grained control to the user over the actions of existing JavaScript Firefox extensions. The user is able to define policies (or use predefined ones) and block common attacks such as data exfiltration, remote code execution, saved password theft, and preference modification. Our evaluation of Sentinel shows that our prototype implementation can effectively prevent concrete, real-world Firefox extension attacks without a detrimental impact on users’ browsing experience.en_US
dc.description.statementofresponsibilityBattal, Mustafaen_US
dc.format.extentix, 52 leaves, graphicsen_US
dc.language.isoEnglishen_US
dc.rightsinfo:eu-repo/semantics/openAccessen_US
dc.subjectWeb browser securityen_US
dc.subjectBrowser extensionsen_US
dc.subject.lccQA76.9.A25 B38 2014en_US
dc.subject.lcshComputer security.en_US
dc.subject.lcshWorld Wide Web (Information retrieval system)--Security measures.en_US
dc.titleSentinel : a dynamic security policy checker for firefox extensionsen_US
dc.typeThesisen_US
dc.departmentDepartment of Computer Engineeringen_US
dc.publisherBilkent Universityen_US
dc.description.degreeM.S.en_US
dc.identifier.itemidB149307


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record