Securing legacy firefox extensions with SENTINEL
| dc.citation.epage | 138 | en_US |
| dc.citation.spage | 122 | en_US |
| dc.contributor.author | Onarlıoğu, K. | en_US |
| dc.contributor.author | Battal, Mustafa | en_US |
| dc.contributor.author | Robertson, W. | en_US |
| dc.contributor.author | Kırda, E. | en_US |
| dc.coverage.spatial | Berlin, Germany | |
| dc.date.accessioned | 2016-02-08T12:07:41Z | |
| dc.date.available | 2016-02-08T12:07:41Z | |
| dc.date.issued | 2013-07 | en_US |
| dc.department | Department of Computer Engineering | en_US |
| dc.description | Conference name:10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA 2013 | |
| dc.description | Date of Conference: 18-19 July , 2013 | |
| dc.description.abstract | A poorly designed web browser extension with a security vulnerability may expose the whole system to an attacker. Therefore, attacks directed at "benign-but-buggy" extensions, as well as extensions that have been written with malicious intents pose significant security threats to a system running such components. Recent studies have indeed shown that many Firefox extensions are over-privileged, making them attractive attack targets. Unfortunately, users currently do not have many options when it comes to protecting themselves from extensions that may potentially be malicious. Once installed and executed, the extension needs to be trusted. This paper introduces Sentinel, a policy enforcer for the Firefox browser that gives fine-grained control to the user over the actions of existing JavaScript Firefox extensions. The user is able to define policies (or use predefined ones) and block common attacks such as data exfiltration, remote code execution, saved password theft, and preference modification. Our evaluation of Sentinel shows that our prototype implementation can effectively prevent concrete, real-world Firefox extension attacks without a detrimental impact on users' browsing experience. © 2013 Springer-Verlag. | en_US |
| dc.description.provenance | Made available in DSpace on 2016-02-08T12:07:41Z (GMT). No. of bitstreams: 1 bilkent-research-paper.pdf: 70227 bytes, checksum: 26e812c6f5156f83f0e77b261a471b5a (MD5) Previous issue date: 2013 | en |
| dc.identifier.doi | 10.1007/978-3-642-39235-1_7 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11693/27988 | en_US |
| dc.language.iso | English | en_US |
| dc.publisher | Springer | en_US |
| dc.relation.isversionof | https://doi.org/10.1007/978-3-642-39235-1_7 | en_US |
| dc.source.title | 10th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2013 | en_US |
| dc.subject | Browser extensions | en_US |
| dc.subject | Web browser security | en_US |
| dc.subject | Attack target | en_US |
| dc.subject | Data exfiltration | en_US |
| dc.subject | Fine-grained control | en_US |
| dc.subject | Prototype implementations | en_US |
| dc.subject | Security threats | en_US |
| dc.subject | Security vulnerabilities | en_US |
| dc.subject | Web browser security | en_US |
| dc.subject | Computer crime | en_US |
| dc.subject | Web browsers | en_US |
| dc.subject | World Wide Web | en_US |
| dc.title | Securing legacy firefox extensions with SENTINEL | en_US |
| dc.type | Conference Paper | en_US |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- Securing legacy firefox extensions with SENTINEL.pdf
- Size:
- 219.76 KB
- Format:
- Adobe Portable Document Format
- Description:
- Full printable version