Abstract:
Many browser extensions process sensitive information, such as bookmarks and browsing history that are available from the browsers, and social security number and passwor...Show MoreMetadata
Abstract:
Many browser extensions process sensitive information, such as bookmarks and browsing history that are available from the browsers, and social security number and password that are shown on Web pages. Thus, an increasing interest has been growing among attackers to exploit this new attacking platform to compromise browser security. The most common attacks from malicious extensions include accessing users' sensitive information and leaking them to unauthorized third parties. Some recent studies discussed the possible attacks launched from malicious extensions but few proposed practical solutions to address the issue. In this paper, we present the ExtensionGuard, an optimized and customizable dynamic taint tracking system that can closely track the sensitive information processed by browser extensions, and detect any information leakage events at runtime. We evaluate ExtensionGuard against a set of malicious and benign extensions. The evaluation results show that ExtensionGuard is able to effectively mitigate various information leakage attacks without incurring high performance overhead.
Date of Conference: 17-19 October 2016
Date Added to IEEE Xplore: 23 February 2017
ISBN Information: