Skip to main content


Techniques & Tools For Secure Web Browser


Many modern application platforms support an extensible architecture that allows the application core to be extended with functionality developed by third-parties. This bootstraps a developer community that works together to enhance and customize the basic functionality of those platforms. To ease development of such extensions, these platforms expose an API that third-parties can use to implement their functionality.


These APIs usually endow extension developers with privileges to access various system resources. However, to isolate the platform from any new security threats caused by these untrusted extensions, the API must ideally restrict extensions’ authority.

Thus, an important challenge is to simplify extension programming for the third-party developers while ensuring that these extensions do not compromise the security of the application core.

This dissertation seeks to address the above issues in the context of Web browser extensions. It presents algorithms and tools to facilitate secure Web browser extension development.

In particular, it makes the following two contributions. First, it studies and characterizes the security of a modern Web browser extension architecture, the Mozilla Jetpack framework — proposes solutions to improve the security of the architecture and extensions developed on top of it.

It presents Beacon, which leverages JavaScript-level information flow technique to detect unsafe programming practices in browser extensions.

Upon analyzing 68000 lines of JavaScript code from modern extension framework and real world extensions, Beacon found 36 instances of potentially unsafe programming practices. Second, it addresses the problem of porting unsafe legacy extensions to modern, privilege- separated extension architectures.


File Type: PDF
File Size: 769 KB
Total Pages: 112

Direct Link Mega:
Download Now
Direct Link AnonFiles:
Download Now
Direct Link Mediafire:
Download Now
Direct Link Solidfiles:
Download Now
Direct Link Sabercathost:
Download Now
Direct Link Tusfiles:
Download Now

Labels:

Comments

Post a Comment

Popular posts from this blog

Web Hacking 101

With a Foreword written by HackerOne Co-Founders Michiel Prins and Jobert Abma, Web Hacking 101 is about the ethical exploration of software for security issues but learning to hack isn't always easy. With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different. Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties.
Post a Comment
Read more

High Performance Cloud Auditing

This eBook mainly focuses on cloud security and high performance computing for cloud auditing. The eBook discusses emerging challenges and techniques developed for high performance semantic cloud auditing, and presents the state of the art in cloud auditing, computing and security techniques with focus on technical aspects and feasibility of auditing issues in federated cloud computing environments.
Post a Comment
Read more

Hack-X-Crypt (By Ujjwal Sahay)

This is basically a straight forward guide towards ethical hacking and cyber security.Computer hacking is the practice of altering computer hardware and software to carry out a goal outside of the creator‘s original intention. People who slot in computer hacking actions and activities are often entitled as hackers. The majority of people assume that hackers are computer criminals. They fall short to identify the fact that criminals and hackers are two entirely unrelated things.
Post a Comment
Read more