
Privilege Separation In Browser Applications Based On Web Workers

Posted on: 2015-12-12
Degree: Master
Type: Thesis
Country: China
Candidate: C M Yu
Full Text: PDF
GTID: 2428330488999779
Subject: Computer Science and Technology
Abstract/Summary:
To reduce the damage caused by web application attacks and vulnerability exploitation, privilege separation is established as a second line of defense. The traditional approach to privilege separation in web applications is to divide an application into different components, each of which executes in a different web origin with different privileges. This limits the practicality of privilege separation, since creating and maintaining multiple web origins carries significant administrative overhead. In this paper, we study the current browser extension platform and existing privilege separation approaches thoroughly and find that privilege bundling and over-privilege are pervasive in current browser extensions, which is very dangerous. However, the current platform cannot place further limits on these extensions. Therefore, we propose a new design for achieving effective privilege separation in browser extensions and implement it in JavaScript. Our approach uses Web Workers: concurrent, separated browser threads already implemented in modern browsers. The main work of this thesis is as follows. First, we implement this privilege separation system, which consists of three modules. Second, we further secure the system by defining five security invariants and implementing their enforcement. Last, we retrofit several Google Chrome extensions to run under our system and measure their memory and time performance. In our examples, we empirically show a good reduction in the TCB, and our system adds no user-perceivable latency. Although our approach leads to a relatively high memory increase, its absolute cost is acceptable. In contrast to prior approaches, we do not advocate any changes to the underlying browser, do not require learning new high-level languages, and require no additional web domains. Since a Web Worker has no access to the DOM, extensions that use the jQuery library do not fit our model.
Keywords/Search Tags: Privilege Separation, Google Chrome Browser, Extensions, Web Worker, Virtualization