کد مقاله | کد نشریه | سال انتشار | مقاله انگلیسی | نسخه تمام متن |
---|---|---|---|---|
4955590 | 1444222 | 2016 | 30 صفحه PDF | دانلود رایگان |
عنوان انگلیسی مقاله ISI
Colluding browser extension attack on user privacy and its implication for web browsers
دانلود مقاله + سفارش ترجمه
دانلود مقاله ISI انگلیسی
رایگان برای ایرانیان
کلمات کلیدی
موضوعات مرتبط
مهندسی و علوم پایه
مهندسی کامپیوتر
شبکه های کامپیوتری و ارتباطات
پیش نمایش صفحه اول مقاله
چکیده انگلیسی
In this paper, we extend the concept of colluding extension discussed in the literature. Furthermore, we demonstrate a new attack that can leverage this concept and cause privacy leakage in a web browser. The communication between extensions permit two extensions to collude with each other, and share objects that are allocated in the same address space. As improvement on the work discussed in the literature, we show the way in which colluding extensions can communicate over overt and covert communication channels for executing colluding attacks. In addition, we test the effectiveness of newly identified attacks against representative state-of-art techniques for browser extensions. In particular, we identify: (a) object reference sharing; (b) event notification; and (c) preference overriding as the vulnerable points in the browser extension system. We illustrate the effectiveness of the proposed attack through colluding extensions using various attack scenarios, and we provide a proof-of-concept implementation for web domains including the banking and shopping domains. We believe that the use-case scenarios we consider in our demonstration further underlines the severity of the presented attack. Finally, we discuss possible mitigation techniques to address the given colluding attack.
ناشر
Database: Elsevier - ScienceDirect (ساینس دایرکت)
Journal: Computers & Security - Volume 63, November 2016, Pages 14-28
Journal: Computers & Security - Volume 63, November 2016, Pages 14-28
نویسندگان
Anil Saini, Manoj Singh Gaur, Vijay Laxmi, Mauro Conti,