D. Leon, Venkata A. Bhandari, Ananth A. Jillepalli, Frederick T. Sheldon
{"title":"Using a knowledge-based security orchestration tool to reduce the risk of browser compromise","authors":"D. Leon, Venkata A. Bhandari, Ananth A. Jillepalli, Frederick T. Sheldon","doi":"10.1109/SSCI.2016.7849910","DOIUrl":null,"url":null,"abstract":"Today, web browsers are used to access and modify sensitive data and systems including intranets and critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully patched. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations in a diverse browsing ecosystem. However, in our research, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure browsing ecosystem. We analyzed in detail more than a thousand browser security configuration options in three major browsers and found that only 17 had common names with common semantics. In this paper, we describe the results of this in-depth analysis. We also describe a knowledge-based solution, Open Browser GP, that would enable organizations to implement highly-granular secure configurations for their information and operational technology (IT/OT) browsing ecosystem.","PeriodicalId":120288,"journal":{"name":"2016 IEEE Symposium Series on Computational Intelligence (SSCI)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Symposium Series on Computational Intelligence (SSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSCI.2016.7849910","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8
Abstract
Today, web browsers are used to access and modify sensitive data and systems including intranets and critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully patched. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations in a diverse browsing ecosystem. However, in our research, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure browsing ecosystem. We analyzed in detail more than a thousand browser security configuration options in three major browsers and found that only 17 had common names with common semantics. In this paper, we describe the results of this in-depth analysis. We also describe a knowledge-based solution, Open Browser GP, that would enable organizations to implement highly-granular secure configurations for their information and operational technology (IT/OT) browsing ecosystem.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
