Result: Effective detection of vulnerable and malicious browser extensions

Title:
Effective detection of vulnerable and malicious browser extensions
Source:
Special issue on trust in cyber, physical and social computing. Computers & security. 47:66-84
Publisher Information:
Amsterdam: Elsevier, 2014.
Publication Year:
2014
Physical Description:
print, 1 p.1/4
Original Material:
INIST-CNRS
Subject Terms:
Computer science, Security, safety, Exact sciences and technology, Sciences and techniques of general use, Mathematics, Probability and statistics, Probability theory and stochastic processes, Markov processes, Applied sciences, Computer science; control theory; systems, Theoretical computing, Information retrieval. Graph, Software, Computer systems and distributed systems. User interface, Memory organisation. Data processing, Memory and file management (including protection and security), Aggression, Information analysis, Model driven architecture, Computer attack, Data gathering, Widening, Extension, Pattern extraction, Data flow, Information flow, Internet, Hidden Markov model, Modeling, Heuristic method, Information browsing, Plug in software, Policy, Prototype, High risk, World wide web, Script, Digital signature, Similarity, Computer security, Data flow processing, Vulnerability, Cross-site scripting, SQL injection, Malware, End-user programming, Browser extensions, Hidden Markov Model, JavaScript, Web security
Document Type:
Journal Article
File Description:
text
Language:
English
Author Affiliations:
Department of Computer Science, Kennesaw State University, Kennesaw, GA 30144, United States
School of Computing, Queen's University, Kingston, Ontario K7L 3N6, Canada
IBM Research - Africa, CUEA, Langata Road, Nairobi, Kenya
ISSN:
0167-4048
Rights:
Copyright 2015 INIST-CNRS
CC BY 4.0
Unless otherwise stated above, the content of this bibliographic record may be used under a CC BY 4.0 licence by Inist-CNRS
Notes:
Computer science; theoretical automation; systems

Mathematics
Accession Number:
edscal.28858572
Database:
PASCAL Archive

Further information

Unsafely coded browser extensions can compromise the security of a browser, making them attractive targets for attackers as a primary vehicle for conducting cyber-attacks. Among others, three factors make vulnerable extensions a high-risk security threat for browsers: i) the wide popularity of browser extensions, ii) the similarity of browser extensions to web applications, and iii) the high privilege of browser extension scripts. Furthermore, mechanisms that specifically aim to mitigate browser extension-related attacks have received less attention than solutions that have been deployed for common web security problems (such as SQL injection, XSS, logic flaws, client-side vulnerabilities, drive-by-download, etc.). To address these challenges, some techniques have recently been proposed to defend against extension-related attacks. These techniques mainly focus on information flow analysis to capture suspicious data flows, impose privilege restrictions on API calls by malicious extensions, apply digital signatures to monitor process and memory level activities, and allow browser users to specify policies in order to restrict the operations of extensions. This article presents a model-based approach to detect vulnerable and malicious browser extensions by widening and complementing the existing techniques. We observe and utilize various common and distinguishing characteristics of benign, vulnerable, and malicious browser extensions. These characteristics are then used to build our detection models, which are based on the Hidden Markov Model constructs. The models are well trained using a set of features extracted from a number of browser extensions together with user supplied specifications. Along the course of this study, one of the main challenges we encountered was the lack of vulnerable and malicious extension samples. To address this issue, based on our previous knowledge of testing web applications and heuristics obtained from available vulnerable and malicious extensions, we have defined rules to generate training samples. The approach is implemented in a prototype tool and evaluated using a number of Mozilla Firefox extensions. Our evaluation indicated that the approach not only detects known vulnerable and malicious extensions, but also identifies previously undetected extensions with a negligible performance overhead.