Abstract
Web browsers are becoming the universal interface to reach applications and services related to these systems. Different browsing contexts may be required in order to reach them, e.g., use of VPN tunnels, corporate proxies, anonymisers, etc. By browsing context we mean how the user browses the Web, including mainly the concrete configuration of their browser. When the context of the browser changes, its security requirements also change. In this work, we present the use of authorisation policies to automate the process of controlling the resources of a Web browser when its context changes. The objective of our proposal is to ease the adaptation to the security requirements of the new context and to enforce them in the browser without the need for user intervention. We present a concrete application of our work as a plug-in for the adaptation of security requirements in the Mozilla/Firefox browser when a context of anonymous navigation through the Tor network is enabled.
© 2009 IFIP International Federation for Information Processing
Cite this paper
Navarro-Arribas, G., Garcia-Alfaro, J. (2009). A Policy Based Approach for the Management of Web Browser Resources to Prevent Anonymity Attacks in Tor. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_15
DOI: https://doi.org/10.1007/978-3-642-01244-0_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0
eBook Packages: Computer Science (R0)