CPL - Chalmers Publication Library

Discovering Browser Extensions via Web Accessible Resources

Alexander Sjösten (Department of Computer Science and Engineering, Information Security (Chalmers)) ; Steven Van Acker (Department of Computer Science and Engineering, Information Security (Chalmers)) ; Andrei Sabelfeld (Department of Computer Science and Engineering, Information Security (Chalmers))
CODASPY 2017 - Proceedings of the 7th ACM Conference on Data and Applications Security and Privacy p. 329-336. (2017)
[Conference paper, peer-reviewed]

Browser extensions provide a powerful platform to enrich browsing experience. At the same time, they raise important security questions. From the point of view of a website, some browser extensions are invasive, removing intended features and adding unintended ones, e.g. extensions that hijack Facebook likes. Conversely, from the point of view of extensions, some websites are invasive, e.g. websites that bypass ad blockers. Motivated by security goals at clash, this paper explores browser extension discovery, through a non-behavioral technique, based on detecting extensions' web accessible resources. We report on an empirical study with free Chrome and Firefox extensions, being able to detect over 50% of the top 1,000 free Chrome extensions, including popular security- and privacy-critical extensions such as AdBlock, LastPass, Avast Online Security, and Ghostery. We also conduct an empirical study of non-behavioral extension detection on the Alexa top 100,000 websites. We present the dual measures of making extension detection easier in the interest of websites and making extension detection more difficult in the interest of extensions. Finally, we discuss a browser architecture that allows a user to take control in arbitrating the conflicting security goals.

Keywords: Web security, Browser extensions, Large-scale study



This record was created 2017-03-23. Last modified 2017-06-28.
CPL Pubid: 248659

 
