Skip to main content

Techniques & Tools For Secure Web Browser

Many modern application platforms support an extensible architecture that allows the application core to be extended with functionality developed by third-parties. This bootstraps a developer community that works together to enhance and customize the basic functionality of those platforms. To ease development of such extensions, these platforms expose an API that third-parties can use to implement their functionality.

These APIs usually endow extension developers with privileges to access various system resources. However, to isolate the platform from any new security threats caused by these untrusted extensions, the API must ideally restrict extensions’ authority.

Thus, an important challenge is to simplify extension programming for the third-party developers while ensuring that these extensions do not compromise the security of the application core.

This dissertation seeks to address the above issues in the context of Web browser extensions. It presents algorithms and tools to facilitate secure Web browser extension development.

In particular, it makes the following two contributions. First, it studies and characterizes the security of a modern Web browser extension architecture, the Mozilla Jetpack framework — proposes solutions to improve the security of the architecture and extensions developed on top of it.

It presents Beacon, which leverages JavaScript-level information flow technique to detect unsafe programming practices in browser extensions.

Upon analyzing 68000 lines of JavaScript code from modern extension framework and real world extensions, Beacon found 36 instances of potentially unsafe programming practices. Second, it addresses the problem of porting unsafe legacy extensions to modern, privilege- separated extension architectures.

File Type: PDF
File Size: 769 KB
Total Pages: 112

Direct Link Mega:
Download Now
Direct Link AnonFiles:
Download Now
Direct Link Mediafire:
Download Now
Direct Link Solidfiles:
Download Now
Direct Link Sabercathost:
Download Now
Direct Link Tusfiles:
Download Now


Popular posts from this blog

Web Hacking 101

With a Foreword written by HackerOne Co-Founders Michiel Prins and Jobert Abma, Web Hacking 101 is about the ethical exploration of software for security issues but learning to hack isn't always easy. With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilities or don't include any real world examples. This book is different. Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties.

Android Things Quick Start Guide

Android Things is the new Android based Operating System for the Internet of Things. With this book you will learn the core concepts by running code examples on different peripherals. Android Things is the IoT platform made by Google, based on Android. It allows us to build smart devices in a simple and convenient way, leveraging on the Android ecosystem tools and libraries, while letting Google take care of security updates.

Programming QuickStart Box Set

This tutorial on HTML is designed specifically for aspiring developers and web designers. This tutorial is explained in enough detail with practical examples and a simple overview so that it can be easily understood by beginners and provides enough knowledge to design their own webpages. You can get a higher level of expertise with some practice.  HTML or Hyper Text Markup Language is the most commonly used language for developing web pages.