Show simple item record

dc.contributor.authorOnarlıoğu, K.en_US
dc.contributor.authorBattal, Mustafaen_US
dc.contributor.authorRobertson, W.en_US
dc.contributor.authorKırda, E.en_US
dc.coverage.spatialBerlin, Germany
dc.date.accessioned2016-02-08T12:07:41Z
dc.date.available2016-02-08T12:07:41Z
dc.date.issued2013-07en_US
dc.identifier.urihttp://hdl.handle.net/11693/27988
dc.descriptionConference name:10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2013
dc.descriptionDate of Conference: 18-19 July , 2013
dc.description.abstractA poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at "benign-but-buggy" extensions, as well as extensions that have been written with malicious intents pose significant security threats to a system running such components. Recent studies have indeed shown that many Firefox extensions are over-privileged, making them attractive attack targets. Unfortunately, users currently do not have many options when it comes to protecting themselves from extensions that may potentially be malicious. Once installed and executed, the extension needs to be trusted. This paper introduces Sentinel, a policy enforcer for the Firefox browser that gives fine-grained control to the user over the actions of existing JavaScript Firefox extensions. The user is able to define policies (or use predefined ones) and block common attacks such as data exfiltration, remote code execution, saved password theft, and preference modification. Our evaluation of Sentinel shows that our prototype implementation can effectively prevent concrete, real-world Firefox extension attacks without a detrimental impact on users' browsing experience. © 2013 Springer-Verlag.en_US
dc.language.isoEnglishen_US
dc.source.title10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2013en_US
dc.relation.isversionofhttps://doi.org/10.1007/978-3-642-39235-1_7en_US
dc.subjectBrowser extensionsen_US
dc.subjectWeb browser securityen_US
dc.subjectAttack targeten_US
dc.subjectData exfiltrationen_US
dc.subjectFine-grained controlen_US
dc.subjectPrototype implementationsen_US
dc.subjectSecurity threatsen_US
dc.subjectSecurity vulnerabilitiesen_US
dc.subjectWeb browser securityen_US
dc.subjectComputer crimeen_US
dc.subjectWeb browsersen_US
dc.subjectWorld Wide Weben_US
dc.titleSecuring legacy firefox extensions with SENTINELen_US
dc.typeConference Paperen_US
dc.departmentDepartment of Computer Engineeringen_US
dc.citation.spage122en_US
dc.citation.epage138en_US
dc.identifier.doi10.1007/978-3-642-39235-1_7en_US
dc.publisherSpringeren_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record