In this paper we examine the security issues in the functionality extension mechanisms supported by web browsers. Extensions (or "plug-ins") in modern web browsers enjoy unlimited power without restraint and thus are attractive vectors for malware. To substantiate this claim, we take on the role of malware writers looking to assume control of a user's browser space. We have taken advantage of the lack of security mechanisms for browser extensions and have implemented a piece of malware for the popular Firefox web browser, which we call browserSpy, that requires no special privileges to be installed. Once installed, browserSpy takes complete control of a user's browser space and can observe all the activity performed through the browser while remaining undetectable. We then adopt the role of defenders to discuss defense strategies against such malware. Our primary contribution is a mechanism that uses code integrity checking techniques to control the extension installation and loading process. We also discuss techniques for runtime monitoring of extension behavior that provide a foundation for defending against threats due to installed extensions.