Many browser-based attacks can be prevented by using separate browsers for separate web sites. However, most users access the web with only one browser. We explain the security benefits that using multiple browsers provides in terms of two concepts: entry-point restriction and state isolation. We combine these concepts into a general app isolation mechanism that can provide the same security benefits in a single browser. While not appropriate for all types of web sites, many sites with high-value user data can opt in to app isolation to gain defenses against a wide variety of browser-based attacks. We implement app isolation in the Chromium browser and verify its security properties using finite-state model checking. We also measure the performance overhead of app isolation and conduct a large-scale study to evaluate its adoption complexity for various types of sites, demonstrating how the app isolation mechanisms are suitable for protecting a number of high-value Web applications, such as online banking.