Enhancing web browser security against malware extensions (original) (raw)

Access this article

Log in via an institution

Subscribe and save

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

References

  1. eTrust~PestPatrol. Pests detected by PestPatrol and classified as browser helper object. http://www.pestpatrol.com/pestinfo%5Cbrowser_helper_object.asp, March 2005
  2. Firefox extension security project website. http://alcazar.sisl.rites.uic.edu/wiki/view/Main/ExtensibleWebBrowserSecurity
  3. Goldberg, I., Wagner, D., Thomas, R., Brewer, E.A.: A secure environment for untrusted helper applications: Confining the wily hacker. In: Sixth USENIX Security Symposium, San Jose, CA, USA (1996)
  4. Hallaraker, O., Vigna, G.: Detecting malicious JavaScript code in Mozilla. In: 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), Shanghai, China (2005)
  5. Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.A.: Behavior-based spyware detection. In: 15th USENIX Security Symposium, Vancouver, BC, Canada (2006)
  6. Kirk, J.: Trojan cloaks itself as Firefox extension. Infoworld magazine, July 2006
  7. Lampson B.W. (1973). A note on the confinement problem. Commun. ACM 16(10): 613–615
    Article Google Scholar
  8. Li, Z., Wang, X., Choi, J.Y.: SpyShield: Preserving privacy from spy add-ons. In: 10th International Symposium on Recent Advances in Intrusion Detection (RAID), Gold Coast, QLD, Australia (2007)
  9. Information from http://addons.mozilla.org
  10. Mozilla Firefox at Wikipedia http://en.wikipedia.org/wiki/Mozilla_Firefox
  11. Necula, G.C.: Proof-carrying code. In: 24th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), Paris, France (1997)
  12. Reis, C., Dunagan, J., Wang, H.J., Dubrovsky, O., Esmeir, S.: BrowserShield: Vulnerability-driven filtering of dynamic HTML. In: 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI), Seattle, WA, USA (2006)
  13. Sekar, R., Venkatakrishnan, V.N., Basu, S., Bhatkar, S., DuVarney, D.C.: Model carrying code: a practical approach for safe execution of untrusted applications. In: 19th ACM Symposium on Operating Systems Principles (SOSP), Bolton Landing, NY, USA (2003)
  14. Soghoian, C.: A remote vulnerability in Firefox extensions. http://paranoia.dubfire.net/2007/05/remote-vulnerability-in-firefox.html (2007)
  15. Ter Louw, M., Lim, J.S., Venkatakrishnan, V.N.: Extensible web browser security. In: 4th GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assesment (DIMVA), Lucerne, Switzerland (2007)
  16. Tsyrklevich, E., Yee, B.: Dynamic detection and prevention of race conditions in file accesses. In: 12th USENIX Security Symposium, Washington, D.C., USA (2003)
  17. Ungar D. and Smith R.B. (1987). Self: The power of simplicity. ACM SIGPLAN Notices 22(12): 227–242
    Article Google Scholar
  18. Vogt, P., Nentwich, F., Jovanovic, N., Kirda, E., Kruegel, C., Vigna, G.: Cross-site scripting prevention with dynamic data tainting and static analysis. In: 14th Annual Network & Distributed System Security Symposium (NDSS), San Diego, CA, USA (2007)
  19. Wahbe, R., Lucco, S., Anderson, T., Graham, S.: Efficient software-based fault isolation. In: 14th ACM Symposium on Operating System Principles (SOSP), Asheville, NC, USA (1993)

Download references