Enhancing web browser security against malware extensions

Journal in Computer Virology

Volumn 4, Issue 3, 2008, Pages 179-195

  Ter Louw, Mike ^a   Lim, Jin Soon ^a   Venkatakrishnan, V N ^a  

^a UNIVERSITY OF ILLINOIS AT CHICAGO   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; CRYPTOGRAPHY; MECHANISMS; REAL TIME SYSTEMS; RELIABILITY; WORLD WIDE WEB;

CODE INTEGRITY; COMPLETE CONTROL; DEFENSE STRATEGIES; EXTENSION MECHANISMS; FIREFOX WEB BROWSERS; JAVASCRIPT; LOADING PROCESSES; MALWARE; PLUG-INS; PRIMARY CONTRIBUTION; RUN-TIME MONITORING; SECURITY ISSUES; SECURITY MECHANISMS; WEB BROWSER SECURITY;

WEB BROWSERS;

EID: 48349087157     PISSN: 17729890     EISSN: 17729904     Source Type: Journal    
DOI: 10.1007/s11416-007-0078-5     Document Type: Article

References (19)

1. eTrust~PestPatrol. Pests detected by PestPatrol and classified as browser helper object. http://www.pestpatrol.com/pestinfo%5Cbrowser_helper_object.asp, March 2005
2. Firefox extension security project website. http://alcazar.sisl.rites. uic.edu/wiki/view/Main/ExtensibleWebBrowserSecurity
3. Goldberg, I., Wagner, D., Thomas, R., Brewer, E.A.: A secure environment for untrusted helper applications: Confining the wily hacker. In: Sixth USENIX Security Symposium, San Jose, CA, USA (1996)
4. Hallaraker, O., Vigna, G.: Detecting malicious JavaScript code in Mozilla. In: 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), Shanghai, China (2005)
5. Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.A.: Behavior-based spyware detection. In: 15th USENIX Security Symposium, Vancouver, BC, Canada (2006)
6. Kirk, J.: Trojan cloaks itself as Firefox extension. Infoworld magazine, July 2006
7. Lampson B.W. (1973). A note on the confinement problem. Commun. ACM 16(10): 613-615
8. Li, Z., Wang, X., Choi, J.Y.: SpyShield: Preserving privacy from spy add-ons. In: 10th International Symposium on Recent Advances in Intrusion Detection (RAID), Gold Coast, QLD, Australia (2007)
9. Information from http://addons.mozilla.org
10. Mozilla Firefox at Wikipedia http://en.wikipedia.org/wiki/Mozilla_Firefox
11. Necula, G.C.: Proof-carrying code. In: 24th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), Paris, France (1997)
12. Reis, C., Dunagan, J., Wang, H.J., Dubrovsky, O., Esmeir, S.: BrowserShield: Vulnerability-driven filtering of dynamic HTML. In: 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Seattle, WA, USA (2006)
13. Sekar, R., Venkatakrishnan, V.N., Basu, S., Bhatkar, S., DuVarney, D.C.: Model carrying code: a practical approach for safe execution of untrusted applications. In: 19th ACM Symposium on Operating Systems Principles (SOSP), Bolton Landing, NY, USA (2003)
14. Soghoian, C.: A remote vulnerability in Firefox extensions. http://paranoia.dubfire.net/2007/05/remote-vulnerability-in-firefox.html (2007 )
15. Ter Louw, M., Lim, J.S., Venkatakrishnan, V.N.: Extensible web browser security. In: 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assesment (DIMVA), Lucerne, Switzerland (2007)
16. Tsyrklevich, E., Yee, B.: Dynamic detection and prevention of race conditions in file accesses. In: 12th USENIX Security Symposium, Washington, D.C., USA (2003)
17. Ungar D. and Smith R.B. (1987). Self: The power of simplicity. ACM SIGPLAN Notices 22(12): 227-242
18. Vogt, P., Nentwich, F., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Cross-site scripting prevention with dynamic data tainting and static analysis. In: 14th Annual Network & Distributed System Security Symposium (NDSS), San Diego, CA, USA (2007)
19. Wahbe, R., Lucco, S., Anderson, T., Graham, S.: Efficient software-based fault isolation. In: 14th ACM Symposium on Operating System Principles (SOSP), Asheville, NC, USA (1993)