Memoirs of a Browser: A Cross-browser Detection Model for Privacy-breaching Extensions

C. Giuffrida; S. Ortolani; B. Crispo

doi:10.1145/2414456.2414461

Memoirs of a Browser: A Cross-browser Detection Model for Privacy-breaching Extensions

C. Giuffrida, S. Ortolani, B. Crispo

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Web browsers are undoubtedly one of the most popular user applications. This is even more evident in recent times, with Google introducing a platform where the browser is the only application provided to the user. With their modular and extensible architecture, modern browsers are also an appealing platforms for third-party software developers, who can easily publish new extensions to extend any standard web browser functionality. Extendability is a crucial feature that makes web browsers a very attractive service platform. From a security perspective, however, extensions opened up new opportunities for attacks. Most extensions do not require any special privilege to be installed, despite their ability to access all the user private data. Delegating the decision about extension's security to trusted parties is not a conclusive solution, given that privacy-breaching behavior has been found even in store-approved extensions.

Original language	English
Title of host publication	Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Publisher	ACM
Pages	10-11
ISBN (Electronic)	978-1-4503-1648-4
DOIs	https://doi.org/10.1145/2414456.2414461
Publication status	Published - 2012

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1145/2414456.2414461

Persistent URL (handle)

Persistent link

Cite this

@inproceedings{ca39073726bd4f4db0cdb5c2c036907e,

title = "Memoirs of a Browser: A Cross-browser Detection Model for Privacy-breaching Extensions",

abstract = "Web browsers are undoubtedly one of the most popular user applications. This is even more evident in recent times, with Google introducing a platform where the browser is the only application provided to the user. With their modular and extensible architecture, modern browsers are also an appealing platforms for third-party software developers, who can easily publish new extensions to extend any standard web browser functionality. Extendability is a crucial feature that makes web browsers a very attractive service platform. From a security perspective, however, extensions opened up new opportunities for attacks. Most extensions do not require any special privilege to be installed, despite their ability to access all the user private data. Delegating the decision about extension's security to trusted parties is not a conclusive solution, given that privacy-breaching behavior has been found even in store-approved extensions.",

author = "C. Giuffrida and S. Ortolani and B. Crispo",

year = "2012",

doi = "10.1145/2414456.2414461",

language = "English",

pages = "10--11",

booktitle = "Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security",

publisher = "ACM",

}

TY - GEN

T1 - Memoirs of a Browser: A Cross-browser Detection Model for Privacy-breaching Extensions

AU - Giuffrida, C.

AU - Ortolani, S.

AU - Crispo, B.

PY - 2012

Y1 - 2012

N2 - Web browsers are undoubtedly one of the most popular user applications. This is even more evident in recent times, with Google introducing a platform where the browser is the only application provided to the user. With their modular and extensible architecture, modern browsers are also an appealing platforms for third-party software developers, who can easily publish new extensions to extend any standard web browser functionality. Extendability is a crucial feature that makes web browsers a very attractive service platform. From a security perspective, however, extensions opened up new opportunities for attacks. Most extensions do not require any special privilege to be installed, despite their ability to access all the user private data. Delegating the decision about extension's security to trusted parties is not a conclusive solution, given that privacy-breaching behavior has been found even in store-approved extensions.

AB - Web browsers are undoubtedly one of the most popular user applications. This is even more evident in recent times, with Google introducing a platform where the browser is the only application provided to the user. With their modular and extensible architecture, modern browsers are also an appealing platforms for third-party software developers, who can easily publish new extensions to extend any standard web browser functionality. Extendability is a crucial feature that makes web browsers a very attractive service platform. From a security perspective, however, extensions opened up new opportunities for attacks. Most extensions do not require any special privilege to be installed, despite their ability to access all the user private data. Delegating the decision about extension's security to trusted parties is not a conclusive solution, given that privacy-breaching behavior has been found even in store-approved extensions.

UR - https://www.scopus.com/pages/publications/84871975712

UR - https://www.scopus.com/inward/citedby.url?scp=84871975712&partnerID=8YFLogxK

U2 - 10.1145/2414456.2414461

DO - 10.1145/2414456.2414461

M3 - Conference contribution

SP - 10

EP - 11

BT - Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security

PB - ACM

ER -

Memoirs of a Browser: A Cross-browser Detection Model for Privacy-breaching Extensions

Abstract

UN SDGs

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this