Analyzing Information Flow in JavaScript-Based Browser Extensions
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
An analysis of the dynamic behavior of JavaScript programs
PLDI '10 Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation
Bait your hook: a novel detection technique for keyloggers
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
KLIMAX: profiling memory write patterns to detect keystroke-harvesting malware
RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
| Hi-index | 0.00 |
Web browsers are undoubtedly one of the most popular user applications. This is even more evident in recent times, with Google introducing a platform where the browser is the only application provided to the user. With their modular and extensible architecture, modern browsers are also an appealing platforms for third-party software developers, who can easily publish new extensions to extend any standard web browser functionality. Extendability is a crucial feature that makes web browsers a very attractive service platform. From a security perspective, however, extensions opened up new opportunities for attacks. Most extensions do not require any special privilege to be installed, despite their ability to access all the user private data. Delegating the decision about extension's security to trusted parties is not a conclusive solution, given that privacy-breaching behavior has been found even in store-approved extensions [1].