Your browser does not support JavaScript!

Post-graduate theses

Current Record: 30 of 787

Back to Results Previous page
Next page
Add to Basket
[Add to Basket]
Identifier 000443703
Title Developing an isolated in-browser platform for security applications against malicious browser extensions
Alternative Title Αναπτύσσοντας μία απομονωμένη πλατφόρμα εντός περιηγητή για εφαρμογές ασφάλειας εναντίον κακόβουλων επεκτάσεων
Author Καράμπελας, Απόστολος-Παράσχος Ι.
Thesis advisor Πρατικάκης, Πολύβιος
Reviewer Ιωαννίδης, Σωτήρης
Μαγκούτης, Κωνσταντίνος
Abstract Modern web browsers offer developers a wide variety of powerful features, enabling them to push web application logic to the user side increasingly. This paradigm shift aims to improve end-user quality of experience by minimizing the latency and increasing the scalability of web services. At the core of these features lie browser extensions, which have access to a rich set of tools so that they can satisfy unique user needs, like customizing the user interface or blocking ads. Extensions have also seen wide adoption in the industry, becoming a very popular avenue for companies in the web ecosystem to deploy and maintain the client side logic of their services. Unfortunately, malicious actors often exploit extensions to launch Man-in-the-Browser attacks, where they serve as a vehicle for spying, phishing and fraud at the expense of unknowing users. In some cases, compromising a privileged user opens up a more potent attack vector against the web service or its broad userbase. Motivated by the lack of effective countermeasures by major browser vendors, this thesis proposes WRIT, a practical framework that enables websites and web service providers to protect critical functionality from malicious extension abuse. WRIT's primary objective is to establish and maintain a trusted execution environment isolated both from conventional client-sided code and extensions, where security-sensitive code can be deployed and run safely. WRIT then provides the necessary tools to attest the integrity of outgoing web requests and verify their authenticity, ensuring they were triggered by a user's action and not by a malicious extension. We evaluate WRIT's security properties by analyzing the possible attacks extensions can launch against a web service's client-sided code and WRIT itself. Each attack scenario is executed and tested against WRIT in practice through an individual custom extension. We also conduct a performance evaluation testing WRIT's prototype implementation under varying network conditions. Our experimental results show that it adds a negligible 7.29 ms latency to sensitive actions triggered by users, such as posting a message on social media.
Language English
Issue date 2021-11-26
Collection   School/Department--School of Sciences and Engineering--Department of Computer Science--Post-graduate theses
  Type of Work--Post-graduate theses
Permanent Link Bookmark and Share
Views 108

Digital Documents
No preview available

Download document
View document
Views : 3