Auto-FBI: a user-friendly approach for secure access to sensitive content on the web

Authors:
Mohsen Zohrevandi;Rida A. Bazzi
Affiliations:
Arizona State University, Tempe, AZ;Arizona State University, Tempe, AZ
Venue:
Proceedings of the 29th Annual Computer Security Applications Conference
Year:
2013

Citing 11
Cited 0

Protecting Users against Phishing Attacks

The Computer Journal
Robust defenses for cross-site request forgery

Proceedings of the 15th ACM conference on Computer and communications security
Protecting browsers from DNS rebinding attacks

ACM Transactions on the Web (TWEB)
Preventing Information Leaks through Shadow Executions

ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
All your iFRAMEs point to Us

SS'08 Proceedings of the 17th conference on Security symposium
An architecture for enforcing end-to-end access control over web applications

Proceedings of the 15th ACM symposium on Access control models and technologies
Noninterference through Secure Multi-execution

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
An empirical study of privacy-violating information flows in JavaScript web applications

Proceedings of the 17th ACM conference on Computer and communications security
I Still Know What You Visited Last Summer: Leaking Browsing History via User Interaction and Side Channel Attacks

SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
App isolation: get the security of multiple browsers with just one

Proceedings of the 18th ACM conference on Computer and communications security
FlowFox: a web browser with flexible and precise information flow control

Proceedings of the 2012 ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a novel and simple approach for securing access to sensitive content on the web. The approach automates the best manual compartmentalization practices for accessing different kinds of content with different browser instances. The automation is transparent to the user and does not require any modification of how non-sensitive content is accessed. For sensitive content, a Fresh Browser Instance (FBI) is automatically created to access the content. Our prototype system Auto-FBI can provide support for novice users with predefined sensitive content sites as well as for more experienced users who can define conflict of interest (COI) classes which allows content from sites in the same user-defined class to coexist in a browser instance. Our initial performance evaluation of Auto-FBI shows that the overhead introduced by the approach is acceptable (less than 160 ms for sites that already have fast load time, but for slow sites the overhead can be as high as 750 ms).