DOI: 10.1145/2046707.2046734

App isolation: get the security of multiple browsers with just one

Published: 17 October 2011

Abstract

Many browser-based attacks can be prevented by using separate browsers for separate web sites. However, most users access the web with only one browser. We explain the security benefits that using multiple browsers provides in terms of two concepts: entry-point restriction and state isolation. We combine these concepts into a general app isolation mechanism that can provide the same security benefits in a single browser. While not appropriate for all types of web sites, many sites with high-value user data can opt in to app isolation to gain defenses against a wide variety of browser-based attacks. We implement app isolation in the Chromium browser and verify its security properties using finite-state model checking. We also measure the performance overhead of app isolation and conduct a large-scale study to evaluate its adoption complexity for various types of sites, demonstrating how the app isolation mechanisms are suitable for protecting a number of high-value Web applications, such as online banking.

Published In

CCS '11: Proceedings of the 18th ACM conference on Computer and communications security
October 2011
742 pages
ISBN: 9781450309486
DOI: 10.1145/2046707

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. cross-site request forgery
  2. cross-site scripting
  3. isolation
  4. security modeling
  5. web application security
  6. web browser architecture

Qualifiers

  • Research-article

Conference

CCS '11

Acceptance Rates

CCS '11 Paper Acceptance Rate 60 of 429 submissions, 14%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
