We propose a novel and simple approach for securing access to sensitive content on the web. The approach automates the best manual compartmentalization practices for accessing different kinds of content with different browser instances. The automation is transparent to the user and does not require any modification of how non-sensitive content is accessed. For sensitive content, a Fresh Browser Instance (FBI) is automatically created to access the content. Our prototype system, Auto-FBI, can provide support for novice users with predefined sensitive content sites as well as for more experienced users, who can define conflict of interest (COI) classes that allow content from sites in the same user-defined class to coexist in a browser instance. Our initial performance evaluation of Auto-FBI shows that the overhead introduced by the approach is acceptable: less than 160 ms for sites that already have fast load times, although for slow sites the overhead can be as high as 750 ms.