Browsing by Subject "Security threats"

Filter results by typing the first few letters
Now showing 1 - 2 of 2
  • Thumbnail Image
    ItemOpen Access
    Securing legacy firefox extensions with SENTINEL
    (Springer, 2013-07) Onarlıoğu, K.; Battal, Mustafa; Robertson, W.; Kırda, E.
    A poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at "benign-but-buggy" extensions, as well as extensions that have been written with malicious intents pose significant security threats to a system running such components. Recent studies have indeed shown that many Firefox extensions are over-privileged, making them attractive attack targets. Unfortunately, users currently do not have many options when it comes to protecting themselves from extensions that may potentially be malicious. Once installed and executed, the extension needs to be trusted. This paper introduces Sentinel, a policy enforcer for the Firefox browser that gives fine-grained control to the user over the actions of existing JavaScript Firefox extensions. The user is able to define policies (or use predefined ones) and block common attacks such as data exfiltration, remote code execution, saved password theft, and preference modification. Our evaluation of Sentinel shows that our prototype implementation can effectively prevent concrete, real-world Firefox extension attacks without a detrimental impact on users' browsing experience. © 2013 Springer-Verlag.
  • Thumbnail Image
    ItemOpen Access
    A survey on information security threats and solutions for Machine to Machine (M2M) communications
    (Academic Press Inc., 2017) Tuna, G.; Kogias, D. G.; Gungor, V. C.; Gezer, C.; Taşkın, E.; Ayday, E.
    Although Machine to Machine (M2M) networks allow the development of new promising applications, the restricted resources of machines and devices in the M2M networks bring several constraints including energy, bandwidth, storage, and computation. Such constraints pose several challenges in the design of M2M networks. Furthermore, some elements that contributed to the rise of M2M applications have caused several new security threats and risks, typically due to the advancements in technology, increasing computing power, declining hardware costs, and freely available software tools. Due to the restricted capabilities of M2M devices, most of the recent research efforts on M2M have focused on computing, resource management, sensing, congestion control and controlling technologies. However, there are few studies on security aspects and there is a need to introduce the threats existing in M2M systems and corresponding solutions. Accordingly, in this paper, after presenting an overview of potential M2M applications, we present a survey of security threats against M2M networks and solutions to prevent or reduce their impact. Then, we investigate security-related challenges and open research issues in M2M networks to provide an insight for future research opportunities. Moreover, we discuss the oneM2M standard, one of the prominent standard initiatives for more secure and smoother M2M networks and the Internet of Things. © 2017 Elsevier Inc.