Identifier 000443703
Title Developing an isolated in-browser platform for security applications against malicious browser extensions
Alternative Title Αναπτύσσοντας μία απομονωμένη πλατφόρμα εντός περιηγητή για εφαρμογές ασφάλειας εναντίον κακόβουλων επεκτάσεων
Author Καράμπελας, Απόστολος-Παράσχος Ι.
Thesis advisor Πρατικάκης, Πολύβιος
Reviewer Ιωαννίδης, Σωτήρης
Μαγκούτης, Κωνσταντίνος
Abstract Modern web browsers offer developers a wide variety of powerful features, enabling them to increasingly push web application logic to the user side. This paradigm shift aims to improve end-user quality of experience by minimizing the latency and increasing the scalability of web services. At the core of these features lie browser extensions, which have access to a rich set of tools so that they can satisfy unique user needs, like customizing the user interface or blocking ads. Extensions have also seen wide adoption in the industry, becoming a very popular avenue for companies in the web ecosystem to deploy and maintain the client-side logic of their services. Unfortunately, malicious actors often exploit extensions to launch Man-in-the-Browser attacks, where they serve as a vehicle for spying, phishing and fraud at the expense of unknowing users. In some cases, compromising a privileged user opens up a more potent attack vector against the web service or its broad userbase. Motivated by the lack of effective countermeasures by major browser vendors, this thesis proposes WRIT, a practical framework that enables websites and web service providers to protect critical functionality from malicious extension abuse. WRIT's primary objective is to establish and maintain a trusted execution environment isolated both from conventional client-side code and extensions, where security-sensitive code can be deployed and run safely. WRIT then provides the necessary tools to attest the integrity of outgoing web requests and verify their authenticity, ensuring they were triggered by a user's action and not by a malicious extension. We evaluate WRIT's security properties by analyzing the possible attacks extensions can launch against a web service's client-side code and WRIT itself. Each attack scenario is executed and tested against WRIT in practice through an individual custom extension.
We also conduct a performance evaluation testing WRIT's prototype implementation under varying network conditions. Our experimental results show that it adds a negligible 7.29 ms latency to sensitive actions triggered by users, such as posting a message on social media.
Language English
Issue date 2021-11-26
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
  Type of Work--Post-graduate theses
Views 456
