Analyzing Information Flow in JavaScript-Based Browser Extensions

14 years 6 months ago

Download www.cs.rutgers.edu

JavaScript-based browser extensions (JSEs) enhance the core functionality of web browsers by improving their look and feel, and are widely available for commodity browsers. To enable a rich set of functionalities, browsers typically execute JSEs with elevated privileges. For example, unlike JavaScript code in a web application, code in a JSE is not constrained by the same-origin policy. Malicious JSEs can misuse these privileges to compromise conﬁdentiality and integrity, e.g., by stealing sensitive information, such as cookies and saved passwords, or executing arbitrary code on the host system. Even if a JSE is not overtly malicious, vulnerabilities in the JSE and the browser may allow a remote attacker to compromise browser security. We present Sabre (Security Architecture for Browser Extensions), a system that uses in-browser informationﬂow tracking to analyze JSEs. Sabre associates a label with each in-memory JavaScript object in the browser, which determines whether the objec...

Mohan Dhawan, Vinod Ganapathy

Real-time Traffic

ACSAC 2009 | Browser Extensions | Sabre | Security Privacy | Sensitive Information |

claim paper

Post Info
More Details (n/a)

Added	18 May 2010
Updated	18 May 2010
Type	Conference
Year	2009
Where	ACSAC
Authors	Mohan Dhawan, Vinod Ganapathy

Comments (0)

Sciweavers

Analyzing Information Flow in JavaScript-Based Browser Extensions

ACSAC 2009 | Browser Extensions | Sabre | Security Privacy | Sensitive Information |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers