Memoirs of a browser: a cross-browser detection model for privacy-breaching extensions

Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ... Pub Date : 2012-05-02 DOI:10.1145/2414456.2414461

Cristiano Giuffrida, Stefano Ortolani, B. Crispo

{"title":"Memoirs of a browser: a cross-browser detection model for privacy-breaching extensions","authors":"Cristiano Giuffrida, Stefano Ortolani, B. Crispo","doi":"10.1145/2414456.2414461","DOIUrl":null,"url":null,"abstract":"Web browsers are undoubtedly one of the most popular user applications. This is even more evident in recent times, with Google introducing a platform where the browser is the only application provided to the user. With their modular and extensible architecture, modern browsers are also an appealing platforms for third-party software developers, who can easily publish new extensions to extend any standard web browser functionality. Extendability is a crucial feature that makes web browsers a very attractive service platform. From a security perspective, however, extensions opened up new opportunities for attacks. Most extensions do not require any special privilege to be installed, despite their ability to access all the user private data. Delegating the decision about extension's security to trusted parties is not a conclusive solution, given that privacy-breaching behavior has been found even in store-approved extensions [1].","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2012-05-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2414456.2414461","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

Web browsers are undoubtedly one of the most popular user applications. This is even more evident in recent times, with Google introducing a platform where the browser is the only application provided to the user. With their modular and extensible architecture, modern browsers are also an appealing platforms for third-party software developers, who can easily publish new extensions to extend any standard web browser functionality. Extendability is a crucial feature that makes web browsers a very attractive service platform. From a security perspective, however, extensions opened up new opportunities for attacks. Most extensions do not require any special privilege to be installed, despite their ability to access all the user private data. Delegating the decision about extension's security to trusted parties is not a conclusive solution, given that privacy-breaching behavior has been found even in store-approved extensions [1].

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

浏览器回忆录:一种针对隐私泄露扩展的跨浏览器检测模型

Web浏览器无疑是最流行的用户应用程序之一。最近，随着谷歌推出一个平台，浏览器是提供给用户的唯一应用程序，这一点更加明显。由于其模块化和可扩展的架构，现代浏览器对于第三方软件开发人员来说也是一个很有吸引力的平台，他们可以很容易地发布新的扩展来扩展任何标准的web浏览器功能。可扩展性是使web浏览器成为一个非常有吸引力的服务平台的关键特性。然而，从安全角度来看，扩展为攻击提供了新的机会。大多数扩展不需要安装任何特殊权限，尽管它们能够访问所有用户私有数据。考虑到即使在商店批准的扩展中也发现了侵犯隐私的行为，将扩展安全性的决定权委托给受信任的各方并不是一个决定性的解决方案[1]。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...

自引率

0.00%

发文量