
Abstract

In this paper we examine the security issues in functionality extension mechanisms supported by web browsers. Extensions (or “plug-ins”) in modern web browsers enjoy unlimited power without restraint and thus are attractive vectors for malware. To solidify the claim, we take on the role of malware writers looking to assume control of a user’s browser space. We have taken advantage of the lack of security mechanisms for browser extensions and have implemented a piece of malware for the popular Firefox web browser, which we call browserSpy, that requires no special privileges to be installed. Once installed, browserSpy takes complete control of a user’s browser space and can observe all the activity performed through the browser while being undetectable. We then adopt the role of defenders to discuss defense strategies against such malware. Our primary contribution is a mechanism that uses code integrity checking techniques to control the extension installation and loading process. We also discuss techniques for runtime monitoring of extension behavior that provide a foundation for defending threats due to installed extensions.




Editor information

Bernhard M. Hämmerli, Robin Sommer


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ter Louw, M., Lim, J.S., Venkatakrishnan, V.N. (2007). Extensible Web Browser Security. In: Hämmerli, B.M., Sommer, R. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2007. Lecture Notes in Computer Science, vol 4579. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73614-1_1


  • DOI: https://doi.org/10.1007/978-3-540-73614-1_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73613-4

  • Online ISBN: 978-3-540-73614-1

  • eBook Packages: Computer Science (R0)
