Enhancing web browser security against malware extensions

  • Original Paper
  • Journal in Computer Virology

Abstract

In this paper we examine security issues of functionality extension mechanisms supported by web browsers. Extensions (or “plug-ins”) in modern web browsers enjoy unrestrained access at all times and thus are attractive vectors for malware. To solidify the claim, we take on the role of malware writers looking to assume control of a user’s browser space. We have taken advantage of the lack of security mechanisms for browser extensions and implemented a malware application for the popular Firefox web browser, which we call browserSpy, that requires no special privileges to be installed. browserSpy takes complete control of the user’s browser space, can observe all activity performed through the browser and is undetectable. We then adopt the role of defenders to discuss defense strategies against such malware. Our primary contribution is a mechanism that uses code integrity checking techniques to control the extension installation and loading process. We describe two implementations of this mechanism: a drop-in solution that employs JavaScript and a faster, in-browser solution that makes use of the browser’s native cryptography implementation. We also discuss techniques for runtime monitoring of extension behavior to provide a foundation for defending against threats posed by installed extensions.
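
The idea of gating extension installation and loading on a code integrity check can be sketched as follows. This is an added example, not code from the paper: the HMAC-SHA256 seal, the user-held key, the function names and the sample profile are all assumptions chosen for illustration, and it runs under Node.js rather than inside the browser.

```javascript
const crypto = require('crypto');

// Digest over every file of an extension. Paths are sorted so ordering cannot
// change the result, and length-prefixed so names cannot be spliced together.
function manifestDigest(files) {
  const h = crypto.createHash('sha256');
  for (const path of Object.keys(files).sort()) {
    const fileHash = crypto.createHash('sha256').update(files[path]).digest('hex');
    h.update(`${path.length}:${path}:${fileHash}\n`);
  }
  return h.digest();
}

// Install time: the user approved this extension, so seal its current contents
// with a key held only by the user-controlled installer (assumption).
function sealAtInstall(id, files, userKey) {
  return crypto.createHmac('sha256', userKey)
    .update(`${id.length}:${id}:`).update(manifestDigest(files)).digest('hex');
}

// Load time: recompute the seal and compare in constant time.
// A missing or malformed seal means the extension never went through install.
function verifyAtLoad(id, files, userKey, sealHex) {
  if (typeof sealHex !== 'string' || !/^[0-9a-f]{64}$/.test(sealHex)) return false;
  const expected = Buffer.from(sealAtInstall(id, files, userKey), 'hex');
  return crypto.timingSafeEqual(expected, Buffer.from(sealHex, 'hex'));
}

// Only extensions whose files still match their install-time seal may load.
function loadableExtensions(profile, seals, userKey) {
  return Object.keys(profile).filter(
    (id) => verifyAtLoad(id, profile[id], userKey, seals[id]));
}

// Constructed sample data: two approved extensions, then post-install changes.
function demo() {
  const userKey = crypto.randomBytes(32);
  const profile = {
    'notes@example.invalid': { 'install.rdf': '<RDF/>', 'chrome/notes.js': 'function save(){}' },
    'tabs@example.invalid': { 'install.rdf': '<RDF/>', 'chrome/tabs.js': 'function open(){}' },
  };
  const seals = {};
  for (const id of Object.keys(profile)) seals[id] = sealAtInstall(id, profile[id], userKey);
  // One approved extension is modified on disk; another directory is copied
  // into the profile without passing through the install step.
  profile['tabs@example.invalid']['chrome/tabs.js'] += '/* changed after install */';
  profile['dropped@example.invalid'] = { 'install.rdf': '<RDF/>' };
  return loadableExtensions(profile, seals, userKey);
}
console.log(demo());
```

Only the untouched, user-approved extension passes the load-time check; the modified one and the one that bypassed installation are refused.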

Author information

Corresponding author

Correspondence to Mike Ter Louw.

About this article

Cite this article

Ter Louw, M., Lim, J.S. & Venkatakrishnan, V.N. Enhancing web browser security against malware extensions. J Comput Virol 4, 179–195 (2008). https://doi.org/10.1007/s11416-007-0078-5

  • DOI: https://doi.org/10.1007/s11416-007-0078-5
