
      Securing legacy firefox extensions with SENTINEL

      Author
      Onarlioglu, K.
      Battal, M.
      Robertson, W.
      Kirda, E.
      Date
      2013
      Journal Title
      Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
      ISSN
      3029743
      Volume
      7967 LNCS
      Pages
      122 - 138
      Language
      English
      Type
      Conference Paper
      Please cite this item using this persistent URL
      http://hdl.handle.net/11693/27988
      Abstract
      A poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at "benign-but-buggy" extensions, as well as extensions that have been written with malicious intents pose significant security threats to a system running such components. Recent studies have indeed shown that many Firefox extensions are over-privileged, making them attractive attack targets. Unfortunately, users currently do not have many options when it comes to protecting themselves from extensions that may potentially be malicious. Once installed and executed, the extension needs to be trusted. This paper introduces Sentinel, a policy enforcer for the Firefox browser that gives fine-grained control to the user over the actions of existing JavaScript Firefox extensions. The user is able to define policies (or use predefined ones) and block common attacks such as data exfiltration, remote code execution, saved password theft, and preference modification. Our evaluation of Sentinel shows that our prototype implementation can effectively prevent concrete, real-world Firefox extension attacks without a detrimental impact on users' browsing experience. © 2013 Springer-Verlag.
      Published as
      http://dx.doi.org/10.1007/978-3-642-39235-1_7
      Collections
      • Work in Progress 656

      Related items

      Showing items related by title, author, creator and subject.

      • Sentinel : a dynamic security policy checker for firefox extensions

        Battal, Mustafa (Bilkent University, 2014)
        A poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at “benign-but-buggy” extensions, as well as extensions that have been written ...
      • Query Processing in Context-Oriented Retrieval of Information

        Saygin, A.P.; Yavuz, T. (1998)
        This paper proposes a context-oriented approach towards document retrieval and presents the query processing component of the retrieval process in detail. Our approach differs from the existing ones by its use of word sense ...
      • 3D thumbnails for mobile media browser interface with autostereoscopic displays

        Gundogdu, R.B.; Yigit, Y.; Capin, T. (2009)
        In this paper, we focus on the problem of how to visualize and browse 3D videos and 3D images in a media browser application, running on a 3D-enabled mobile device with an autostereoscopic display. We propose a 3D thumbnail ...
