WebEnclave: Protect Web Secrets From Browser Extensions With Software Enclave
- Source: IEEE Transactions on Dependable and Secure Computing. 19:3055-3070
- Publication Year: 2022
- Publisher: Institute of Electrical and Electronics Engineers (IEEE), 2022.
Abstract
- Browser extensions are widely used nowadays to customize users' browsers with more functionalities, but meanwhile introduce potential risks due to escalated privileges. Existing security mechanisms, such as Same Origin Policy and Content Security Policy, do not apply to browser extensions that can read and write on web applications at any time. In spite of the state-of-the-art industrial efforts that rely on centralized management to inspect and detect malicious behaviors massively, the detection-based method cannot analyze fast-evolving behaviors of malicious browser extensions. To this end, we adopt a novel approach to protect users from malicious browser extensions, where we consider the problem of malicious extensions on the side of web applications. From a high-level point of view, web developers are allowed to specify sensitive parts in a web application by using our provided software enclave. With our proposed WebEnclave extension installed, when users visit a web application, sensitive information required for the web application to work normally is sealed into an isolated world locally that malicious extensions cannot access. Extensive evaluation of our built prototype shows it can effectively protect user secrets from malicious extensions with negligible performance overhead and usability inconvenience. We also publish source code for public use.
- Subjects :
- Same-origin policy
Source code
Computer science
Overhead (engineering)
Usability
Content Security Policy
Computer security
Internet security
Information sensitivity
Web application
Electrical and Electronic Engineering
Details
- ISSN: 21609209 and 15455971
- Volume: 19
- Database: OpenAIRE
- Journal: IEEE Transactions on Dependable and Secure Computing
- Accession number: edsair.doi...........cf314c063992b1d25cabf43a6e597fdf