Web Browser Security: Different Attacks Detection and Prevention Techniques

International Journal of Computer Applications (0975-8887)
Volume 170, No. 9, July 2017

Authors:
Patil Shital Satish, M.Tech 2nd year, CSE Department, SGGSIE & T, Nanded-431606
Chavan R. K., Associate Professor, CSE Department, SGGSIE & T, Nanded-431606
ABSTRACT
In this paper, we present a systematic study of how to make a browser secure. A web browser is vulnerable to different attacks; these attacks exploit vulnerabilities in the UI of the web page, the browser cache memory, extensions, and plug-ins. An attacker can run malicious JavaScript to exploit the user's system by using these vulnerabilities. Buffer overflow, cross-site scripting, man-in-the-middle, extension vulnerability, extreme phishing, browser cache poisoning, session hijacking, drive-by-download, and clickjacking attacks are discussed. Browsers with the Electrolysis system and sandboxed processes are discussed as ways to protect the browser from attack.
General Terms
Chrome process, Sandboxed process, Web Extension,
Electrolysis
Keywords
Web application security, Heap overflow, Electrolysis,
Sandboxing
1. INTRODUCTION
In today's Internet world, security is a widespread term. The Web and Internet-based social networking have become an essential part of everyone's life. Security becomes an important issue because the number of attacks against systems is increasing rapidly. Attacks are performed to steal private as well as financial information of a web user. Malicious content loaded into the system without the knowledge of the user is a frequent problem for host systems. [40] The nature of the problem is the same for smartphones and desktops. Malicious content such as viruses, Trojans and other malware, together with vulnerabilities in the frameworks, are significant threats.

A vulnerable system, or a vulnerability in the system, is a significant factor in an attack. Different vulnerabilities are used to perform different attacks. The most influential factors in the success of a threat are the successful delivery of the malware and its execution. Using SMTP makes execution of threats easy: mail-borne threats are commonly used to entice the recipient into executing a malicious attachment. The delivery mechanism need not depend on user action; rather, the most common path is to exploit an application or system vulnerability in order to gain execution. Exploiting vulnerabilities in the client browser provides a mechanism for malware to gain execution when the victim browses a malicious page. [3] [23]
2. ROLE OF THE WEB
The Web is used as a file repository for downloading other malicious files via HTTP. By using a Trojan downloader, a vulnerable client browser is made to visit an attack site. The attacker loads a malicious script intended to infect the victim. Spammed email messages and attack websites are used to lure victims to malicious code. Generally, a small number of exploits is used across attacks in similar ways in order to attack the system and install the malware, as shown in Figure 1.
Figure 1. Role of the Web
Malicious sites: The attacker compromises a legitimate site and creates a new site used as a launch area for an attack. Malicious scripts query the client browser and load the appropriate exploits for that browser. By compromising a website, malicious content is loaded into its pages for delivery and execution of the threat. The user's trust level is adapted through the browser configuration to render the page appropriately. HTML provides the IFRAME tag, which can be used to load content into the page and is the tag most commonly used in methods to compromise a site. The height and width attributes are the most relevant to malicious use: they control the size of the frame in the host web page in which the malicious content is loaded.
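
A defender-side check for the IFRAME pattern described above, as an added example that is not part of the paper: it scans a page's HTML for iframes whose width/height attributes or inline style make them effectively invisible. The 2-pixel threshold, the function names and the sample markup are assumptions constructed for illustration.

```javascript
// Added example (not from the paper): flag <iframe> tags that a visitor cannot see.
const MAX_HIDDEN_PX = 2; // assumed threshold: this small in either dimension counts as hidden

// Attributes of one start tag as a lower-cased name -> value map.
function parseAttributes(tagText) {
  const attrs = {};
  const body = tagText.replace(/^<iframe/i, '').replace(/\/?>$/, '');
  const re = /([a-zA-Z_:][-\w:.]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Inline style declarations as a lower-cased property -> value map.
function parseStyle(style) {
  const decls = {};
  for (const part of (style || '').split(';')) {
    const i = part.indexOf(':');
    if (i > 0) decls[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim().toLowerCase();
  }
  return decls;
}

// "0", "1px" -> number of pixels; percentages and other units are not judged (null).
function toPixels(value) {
  if (value === undefined) return null;
  const m = /^\s*(\d+(?:\.\d+)?)\s*(px)?\s*$/i.exec(value);
  return m ? parseFloat(m[1]) : null;
}

function findHiddenIframes(html) {
  const findings = [];
  // Quoted attribute values may contain '>', so skip over them when finding the tag end.
  const tagRe = /<iframe\b(?:"[^"]*"|'[^']*'|[^'">])*>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[0]);
    const style = parseStyle(attrs.style);
    const reasons = [];
    for (const dim of ['width', 'height']) {
      // An inline style overrides the presentational attribute, so it is checked first.
      const px = toPixels(style[dim]) ?? toPixels(attrs[dim]);
      if (px !== null && px <= MAX_HIDDEN_PX) reasons.push(`${dim}=${px}px`);
    }
    if (style.display === 'none') reasons.push('display:none');
    if (style.visibility === 'hidden') reasons.push('visibility:hidden');
    if (reasons.length > 0) findings.push({ src: attrs.src || '(no src)', reasons });
  }
  return findings;
}

// Constructed sample page: two ordinary embeds and two frames sized to be invisible.
const SAMPLE_PAGE = `
<html><body>
<h1>News</h1>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://attack-site.example/load" width=0 height=0 frameborder=0></iframe>
<IFRAME SRC='http://attack-site.example/kit' style="width:1px; height:1px; visibility:hidden"></IFRAME>
<iframe src="https://ads.example/banner" width="100%" height="90"></iframe>
</body></html>`;

for (const f of findHiddenIframes(SAMPLE_PAGE)) {
  console.log(`hidden iframe -> ${f.src} (${f.reasons.join(', ')})`);
}
```

A finding is a reason to review the page source and its change history, not proof of compromise, since some analytics and login widgets also use tiny frames.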
3. THE WEB BROWSER
Web browsers are the underlying execution platform shared between web applications. Major web browsers, including Firefox, Chrome, Internet Explorer, Safari, and Opera, provide extension features that allow the user to modify the behavior of the browser as well as enhance its functionality and GUI. The network module fetches a web page and prepares the content to be parsed by the HTML parser. The HTML parser creates a DOM, which can then invoke other execution engines such as the JavaScript engine and CSS. This is the legitimate flow of processed content between components. [31] [39] The following table shows XPCOM interfaces and their possible impact in the web browser.
Table 1. XPCOM Interface and Possible Impact

| XPCOM Interface | Possible Impact |
|---|---|
| nsIHistoryListener | Notifies when a new document is open to third party |
| nsIHttpChannel | Allows access to HTTP GET query parameter |
| nsIPasswordManager | Might reveal user stored password |
| nsIRDFDataSource | Write access to critical data objects (extension manager) |
| nsICookieManager | Expose user cookies |
| nsIDownloader | Download malicious file into user system |
3.1 Web Browser Architecture
A browsing page or frame encloses presentable content and a JavaScript execution environment (heap and code) that interacts with the content [47]. The Document Object Model (DOM) controls interaction with the content. Browsing contexts are nested by using IFRAMEs. They also read and write persistent storage such as cookies. A network request can be issued implicitly by page content that references a URL retrieved over the network, or from JavaScript using XMLHttpRequest (XHR). They communicate by sharing DOM objects. The JavaScript language is used to display a client-side web page. An attacker attacks a website by using malicious JavaScript. JavaScript is downloaded into the browser and executed by an embedded interpreter. The centralized repository for extensions is known as "Add-On" in Mozilla and the Web Store in Chrome. Extensions can directly access private browsing information such as cookies, history and password stores. The DOM is responsible for rendering a web page.
DOM Manipulation: The DOM is a programming interface used to interact with the document. This programming interface is available in various languages as a library. The browser converts all the HTML in a page into a tree based on the nesting. If a client wants to change any HTML, it can do so by interacting with the DOM programming interface, for example:

    <html>
    <head>
    <script src="first.js">
    </script>
    </head>
    <body> blah </body>
    </html>

In first.js, reference the body using:

    // Hide the body once the page has loaded.
    onload = function () {
      document.getElementsByTagName('body')[0].style.display = 'none';
    };

getElementsByTagName is a method of the document object. Here it is used to manipulate the body element, which is a DOM element. To traverse the document and find, say, a span:

    onload = function () {
      var els = document.getElementsByTagName('*');
      // Walk the node list backwards; i-- ends the loop after index 0.
      for (var i = els.length; i--; ) {
        if (els[i].nodeType == 1 && els[i].nodeName.toLowerCase() == 'span') {
          alert(els[i]);
        }
      }
    };

This traverses the nodeList returned by getElementsByTagName and looks for a span based on the nodeName property. [41]
Mozilla Platform: Browser code is written in different languages such as C, C++, and JavaScript. The large code base is partitioned into small components, and the mechanism for integrating this code is called the Cross-Platform Component Object Model (XPCOM). Each component has a unique classID and contractID and implements one or more interfaces. The functionality of a component is specified by the methods and variables included in its interfaces. Interfaces are reference counted. XPConnect permits JavaScript programs to access and control XPCOM objects. It is used between the DOM and JavaScript. All interfaces of an XPCOM object must be declared in XPIDL. The XPIDL compiler is used to create both C++ header files and type-lib files. The type-lib files are the binary representation of one or more interfaces.

Figure 2. Mozilla Platform

JavaScript is used to access and manipulate objects in the DOM to create a dynamic environment for documents. XPConnect is used to find DOM objects using DOMClassInfo. [43] [44]
4. WEBEXTENSIONS
WebExtensions is a new browser extension API. WebExtensions must be compatible with multiprocess Firefox (Electrolysis), and changes to Firefox's internal code should be less likely to break add-ons.
Table 2. Comparison between XUL extensions and WebExtensions

| XUL/XPCOM extensions | WebExtensions |
|---|---|
| Uses two manifest files: 1. install.rdf 2. chrome.manifest | Uses only one manifest file: manifest.json |
| Extensions can directly manipulate XUL. API: CustomizableUI.jsm | WebExtensions do not get direct access to the UI. API: browserAction API, pageAction, commands, contextMenus |
| Get access to the full privileged set of XPCOM APIs and JavaScript code modules through the Components object. Access to browser internals through Browser. | Get access to a limited set of JavaScript APIs through background scripts. Also get a window global with all the DOM objects available on a normal web page. |
| Gets direct access to web content using Browser. Refactoring the code using frame scripts for multiprocess. | Compatible by default; code that interacts with web content uses the content script. |
| Localization: using locale statements inside chrome.manifest, then include localized strings in UI elements or in code. | Don't have direct access. Supply localized strings as a collection of JSON files. |
WebExtensions should be easier to use than the existing Firefox XPCOM/XUL APIs. [4] The following figure shows the structure of WebExtensions.

Figure 3. WebExtensions Structure
4.1 Servo: Servo is an experimental web browser whose objective is to create a new layout engine using a modern programming language. It is developed by Mozilla Research. The prototype tries to create a highly parallel environment, in which many components, such as rendering, layout, HTML parsing, and image decoding, are handled by fine-grained, isolated tasks. The project is written in the Rust programming language. Two significant components used by Servo are based on earlier C++ code from Mozilla: JavaScript support is provided by SpiderMonkey, and the 2D graphics library Azure is used to interface with OpenGL and Direct3D. Servo uses parallelism and code safety to achieve greater security and performance than contemporary browsers. Servo is likely to be combined with Gecko to make the Servo API available in Firefox.
4.2 Electrolysis and Sandboxing
Electrolysis: In multiprocess Firefox there are two processes: the chrome process and the content process. The chrome (parent) process runs the browser chrome, or UI, as a trusted process that controls interaction with the underlying operating system. The parent process is not sandboxed and has regular access to the operating system. It can also access files, devices and network resources. The chrome process should only run trusted code. [56] A child process should run all untrusted web content. The parent process also acts as a broker for privileged resource requests from the child process.

Chrome-privileged JavaScript code in one process can communicate with chrome-privileged JavaScript code in a different process by using the message manager. [55]

1) Frame message manager: The FMM enables chrome process code to load a script into a browser frame in a single browser tab in the content process. Such a script is called a frame script, and its scope is limited to the browser frame.

2) Content frame message manager: A content frame message manager is provided for every open tab. It is the content-side end of frame message manager conversations. Frame scripts are loaded into the content frame message manager scope, and messages from chrome message managers end up there.

3) Process message manager: PMMs correspond to process boundaries. They enable code running in the parent (chrome) process to communicate with code running in the child (content) process.

The chrome process uses different message managers, such as the global frame message manager, window message managers, and browser message managers. The global frame message manager operates on all frames, in all content tabs: if you load a frame script using the global frame message manager, the script gets loaded separately into every open tab. [57]
Figure 4. Electrolysis and Sandboxing

Sandboxing: For sandboxing to be an effective security control, Firefox must be split into two different processes, called the parent and child processes. The child process is responsible for running untrusted web content. Because of this, the child process can be restricted to limit damage in the event of a compromise. In the Electrolysis project, parsing and execution of web content is moved to a content process, and sandboxing is based on this process model. A child process is untrusted and intended to run remote web content. [58] A sandbox provides restricted privileges to the child process. The child process parses and executes the HTML and JavaScript code corresponding to a web page.

The content process is the process that runs the HTML code corresponding to a tab. This web content process is responsible for parsing and executing all the web content currently loaded in the open browser tabs. Content processes contain privileged code responsible for the implementation of DOM APIs, and code that connects back to the parent to load resources. The content process is sandboxed and prevented from direct resource access. The content process only has the ability to execute web content. [33] [59] Mozilla has several major changes lined up for Firefox, including the Servo rendering engine and the Electrolysis multi-process model. WebExtensions are supported by Mozilla's Add-On repository service and will replace XUL-based extensions.
5. ATTACKS ON BROWSER
5.1. Buffer Overflow: Buffer overflow attacks are characterized by the overwriting of memory segments of a process. Exceptions, segmentation faults, and other errors occur because the values of the IP, BP, and other registers are overwritten. These errors cause the application to execute in an unexpected way. [51] Heap overflow: The JEMalloc memory allocator used in Firefox is vulnerable to a heap overflow. We plan the heap overflow by placing a victim object in the same run as the vulnerable object, a victim that can help us achieve arbitrary code execution. [61] Heap underflows: occur when heap objects are too small to store the input. Dangling pointers or "use-after-free" errors occur when a program frees an object that is still in use before the due time. Uninitialized reads: occur when programs read from newly allocated objects that carry the data of old freed objects. [62] Stack-based attack: When the submitted data of an input string is evaluated as a command by the application, the format string exploit occurs. It is very easy to write a program for BOF. [7] [15] [18]
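    /* Program for Buffer overflow Attack. */
    #include <stdio.h>
    #include <string.h>
    /* strcpy() has no length check: 21 bytes are copied into a 10-byte buffer. */
    void f(char *s) { char buffer[10]; strcpy(buffer, s); }
    int main(void) { f("98765432109876543210"); return 0; }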
This program will result in a segmentation fault. A simple mistake can lead to a buffer overflow attack. It is very difficult to prevent. [50]
5.2. Cross-Site Scripting: A cross-site scripting vulnerability allows attackers to inject malicious code, such as JavaScript programs, into the victim's web browser. Using this malicious code, the attackers can steal the victim's credentials, such as cookies and passwords. [52] The content of the HTML page can be rewritten by malicious scripts. Stored XSS attacks: also known as Persistent or Type-I XSS. Stored attacks are the ones where the injected script is permanently stored on the target servers, for example in a database, a message forum, a visitor log, or a comment field. Reflected XSS attacks: also known as Non-Persistent or Type-II XSS. In this attack the injected script is reflected off the web server, for example in a search result or any response that includes the input sent to the server as part of the request. [6] [8] [16]
5.3. Man-in-the-Middle: This attack can be accomplished by using ARP poisoning or DNS spoofing methods. A man-in-the-middle attack is also called a bucket brigade attack. MITM is an attack where the attacker accesses and possibly modifies the communication between two parties without their knowledge. [23] The victims believe they are communicating directly with each other. Active eavesdropping is one example of a man-in-the-middle attack, in which the attacker makes independent connections with the victims and relays messages between them to make them believe that they are talking directly to each other over a private connection. In fact the whole conversation is controlled by the attacker. The attacker must be able to intercept every relevant message passing between the two victims and inject new ones. [1] [11] [24]
5.4. Extension vulnerability: In the Firefox extension architecture, the same JavaScript namespace is shared between all JavaScript extensions installed on a system. Any extension can modify, read, and write to the global namespace of another, which introduces the namespace pollution problem. In the extension reuse vulnerability, an attacker uses an existing extension to make API calls and access resources in order to hide a malicious extension. Extensions interact with a web page without any explicit request for a MIME type. A browser extension has the same privileges as the browser itself. The extension additionally has full access to the browser and the client's operating system. Extensions can change the functionality of the browser, the behavior of a site, and access to the file system. An active attacker controls content loaded via HTTP and reuses it. By replacing this script, the attacker hijacks the extension's privileges and installs malware. A JavaScript capability leak is another cause of extension misuse. [46] [47]
5.5. Extreme Phishing: This attack supports dynamic user interaction. Web Single Sign-On (SSO) systems are a significant trend in online user authentication. OpenID and OAuth are open Web SSO standards rapidly gaining adoption on the Web. In these systems one single IdP account is used to sign on to multiple RP websites. Web SSO phishing has three distinctive characteristics:

1. Highly concentrated value of the IdP account.
2. Highly enlarged attack surface area.
3. Difficulty in detection of the attack, either by algorithms or by users.

A compromised IdP account enables attackers to impersonate the victim on a wide range of RP websites. A second-level context is used rather than sending emails or phishing URLs. Attackers can host their own legitimate RP website or web page and lure users by posting URLs everywhere. An HTML <div> element contains a real popup browser window. Spoofing the EV-SSL symbol and the HTTPS URL address in the <div> element is possible by copying a complete snapshot of the symbol and the URL address. [45] [48]
5.6. Browser Cache Poisoning: Clicking through of SSL warnings: when a user accesses a website that has an invalid certificate, the browser shows an SSL warning. At that point the user is expected to close the web page to protect against a MITM attack. If the user ignores the warnings, the result can be disastrous for the security and privacy of the sessions.

Attacks against HTTPS: [26]
1. Man-In-The-Script-In-The-Browser attack to avoid enhanced channel-ID based defenses.

Attacks via browser cache:
1. Timing attacks performed on the browser to sniff browsing history and steal user credentials as well as private information.
2. Attacks that poison the browser web cache, HTML5 AppCache, or HTTP cache. A tool called airpoison is used in wireless networks to mount browser cache poisoning via HTTP.
3. Cross-site scripting attacks used to inject malicious content into web pages and web storage.
4. Proxy cache poisoning attacks, which use existing techniques to place poisoning attacks on the forward proxy and reverse proxy. [5] [22]
5.7. Session Hijacking: A session hijacking attack is performed at two levels, the application level and the network level. When a connection is established with the server using the HTTP protocol, a unique session ID for the current live session is used by client and server. The attacker takes control over a session: the attacker hijacks the session from the user and continues the connection to the server, pretending to be the user. The session hijacking attack is performed to gain unauthorized access to the web server. The attacker compromises a session ID by sniffing or by predicting a valid, predictable session token. The attacker uses a sniffer to capture a valid session token. Sometimes the server uses a protected, encrypted connection such as HTTPS for only a specific part of the client's session, yet the rest of the connection is sent in plain text. [13] [34] [36]
5.8. Drive-by-Download: In this attack, a victim is lured to a malicious web page on a malicious site, and that page contains code written in the JavaScript programming language. The attacker then waits for the target to browse to the web page. The compromised page looks normal while, at the same time, the exploits execute and install malware on the victim's computer silently in the background. In a drive-by-download attack, the attacker uses client-side scripting code to load the shellcode into memory as the payload and executes the exploit against a vulnerable component. JavaScript is used to assign the binary representation of the shellcode to a variable that is stored in the address space of the browser. It uses heap spraying to set up the heap area. Once this has been executed, the real exploit is launched. [12] [14]
5.9. Clickjacking: A clickjacking attack is also called a UI redressing attack, because the technique tricks users into clicking a button or image that runs a hidden malicious script from the attacker's site. The attacker tricks a user into clicking on a button or link on another page when the user was expecting to click on the safe page. In this way the attacker hijacks the click for the attacker's website. To position an element from the target website, a clickjacking attack uses two nested IFrames. The inner IFrame contains the target page and must be large enough to display it entirely. The outer frame is smaller and acts as a window onto the web page, so the user will simply click without scrolling the web page. The user thinks he is clicking on the website he wants to open, but he is actually clicking on an invisible website and cannot see what is underneath his mouse. [9] [21]
6. PREVENTION TECHNIQUES
6.1. Buffer Overflow Attack: Stack buffer overflow protection techniques involve modifying the arrangement of stack-allocated data. A canary value is placed on the stack; when this value is destroyed by a stack buffer overflow, it shows that the program has used more than the allocated size of the buffer. By verifying the canary value, the program can be terminated, which prevents it from misbehaving and stops an attacker from taking control of it. [53] Bounds checking is another prevention technique, which checks access to each allocated block of memory so that accesses cannot go beyond the space actually allocated, and tagging ensures that memory allocated for storing data cannot contain executable code. The user should prefer programming languages that do not give direct memory access, such as Java, Python, Perl, and Lisp, over C/C++. If the user is using a language that gives direct memory access, then classes that handle memory access, such as std::string, should be used. Security-related compiler options like DEP and ASLR must be used; they help mitigate the impact of an overflow. To discover overflows, static code analysis tools such as Veracode's service, Fortify, and Qualys can be used. [7] [18]
6.2. Cross-Site Scripting: Input validation is an effective XSS prevention technique. Input validation should not allow the user to enter incorrect data; it should return an error message. Input validation also covers the valid use of angle brackets, quotes, and other characters. Escaping strategies apply when injecting data into sensitive areas of HTML that offer an attacker the opportunity to affect markup parsing. The Content-Security-Policy (CSP) is an HTTP header. The browser can trust the whitelist of trusted resources provided by CSP and should ignore any source that is not mentioned in the whitelist, since it is untrusted. Generally, the htmlspecialchars() function is sufficient for filtering output. The user can use htmlentities() if he is using a character encoding other than UTF-8. [8] [16]
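
The reflected search-result case from section 5.2 with and without output escaping, as an added example that is not from the paper. It is written in JavaScript; `escapeHtml`, `safeHref`, the render functions and the http(s)-only link policy are assumptions made for illustration, and the inputs are constructed test strings.

```javascript
// Added example (not from the paper): a search page that echoes request data.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escapes the same five characters that PHP's htmlspecialchars() converts
// when called with ENT_QUOTES, so the value cannot open a tag or close an attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escaping alone does not neutralise a javascript: URL placed in href, so links
// built from user input are limited to http(s) here (assumed policy).
function safeHref(url) {
  try {
    const parsed = new URL(url, 'https://site.example/');
    return ['http:', 'https:'].includes(parsed.protocol) ? parsed.href : '#';
  } catch (err) {
    return '#';
  }
}

// Vulnerable form: the query is concatenated into the markup as received.
function renderResultsUnsafe(query) {
  return `<h2>Results for ${query}</h2>`;
}

// Hardened form: every value is escaped for the context it lands in
// (element text, a quoted attribute, and a URL attribute).
function renderResultsSafe(query, profileUrl) {
  return `<h2>Results for ${escapeHtml(query)}</h2>` +
         `<a href="${escapeHtml(safeHref(profileUrl))}" title="${escapeHtml(query)}">profile</a>`;
}

// Constructed inputs of the kind a scanner or tester submits.
const SAMPLE_QUERY = '<script>alert(1)</script>';
const SAMPLE_LINK = 'javascript:alert(1)';

console.log(renderResultsUnsafe(SAMPLE_QUERY)); // markup reaches the parser unchanged
console.log(renderResultsSafe(SAMPLE_QUERY, SAMPLE_LINK));
```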
6.3. Man-in-the-Middle Attack: To prevent DNS spoofing, ensure that the latest version of the DNS software, with recent security patches, is installed. Also ensure that auditing is enabled on all DNS servers. Most popular email services and online banking applications rely on HTTPS to ensure that communication between the web browser and their servers is encrypted. Using DH for key generation and Blowfish for encryption will enhance data security over SSL and HTTPS. ARP poisoning can be avoided by running a shell script at the backend that keeps track of the entries in the ARP cache table. Different security measures can be used: operating systems on the network should be upgraded, the network should be designed from a security point of view, and the network devices and computers on the network should be updated periodically, with patches installed regularly. [11]
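
The ARP-cache bookkeeping described above, as an added example that is not from the paper and is written in JavaScript rather than shell. It compares two snapshots in the format printed by `arp -an` on Linux; the function names, alert types and the addresses in the snapshots are constructed for illustration.

```javascript
// Added example (not from the paper): detect suspicious changes between two
// ARP cache snapshots. A scheduler would capture the snapshots periodically.

// Parse `arp -an` style lines into a Map of IP -> MAC (lower-cased).
// Incomplete entries carry no MAC and are skipped.
function parseArpTable(text) {
  const table = new Map();
  const re = /\((\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})/i;
  for (const line of text.split('\n')) {
    const m = re.exec(line);
    if (m) table.set(m[1], m[2].toLowerCase());
  }
  return table;
}

// Two signs of ARP poisoning:
//  - an IP (typically the gateway) whose MAC differs from the previous snapshot
//  - one MAC answering for several IPs at the same time
function compareSnapshots(before, after) {
  const alerts = [];
  for (const [ip, mac] of after) {
    const previous = before.get(ip);
    if (previous !== undefined && previous !== mac) {
      alerts.push({ type: 'mac-changed', ip, from: previous, to: mac });
    }
  }
  const owners = new Map();
  for (const [ip, mac] of after) {
    if (!owners.has(mac)) owners.set(mac, []);
    owners.get(mac).push(ip);
  }
  for (const [mac, ips] of owners) {
    if (ips.length > 1) alerts.push({ type: 'mac-shared', mac, ips });
  }
  return alerts;
}

// Constructed snapshots: in the second one the gateway (192.168.1.1) resolves
// to the MAC that belongs to host 192.168.1.30.
const SNAPSHOT_BEFORE = `
? (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on eth0
? (192.168.1.20) at 08:00:27:aa:bb:cc [ether] on eth0
? (192.168.1.30) at 52:54:00:12:34:56 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0`;

const SNAPSHOT_AFTER = `
? (192.168.1.1) at 52:54:00:12:34:56 [ether] on eth0
? (192.168.1.20) at 08:00:27:AA:BB:CC [ether] on eth0
? (192.168.1.30) at 52:54:00:12:34:56 [ether] on eth0`;

function checkSamples() {
  return compareSnapshots(parseArpTable(SNAPSHOT_BEFORE), parseArpTable(SNAPSHOT_AFTER));
}

for (const alert of checkSamples()) console.log(JSON.stringify(alert));
```

A legitimate NIC replacement or DHCP reassignment also produces a `mac-changed` alert, so alerts for the gateway address deserve the closest attention.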
6.4. Extension Vulnerability: A new browser extension system can be used to protect the browser from this attack. Extensions should run with least privilege; to avoid exploitation by a malicious website, the extension is divided into three components: content scripts, extension core, and native library. An attacker would need to convince the extension to forward malicious input from the content script to the extension core and from the extension core to the native binary to gain the user's full privileges. The components of an extension are isolated from each other by strong protection boundaries: each component runs in a separate operating system process. The content script and the extension core run in sandboxed processes and cannot use operating system services. The content script is isolated from its associated web page by running in a separate JavaScript heap, although both use the same DOM; this prevents JavaScript capability leaks. [17] [20] [28]
6.5. Extreme Phishing: Extreme phishing attacks are avoided by using heuristics-based phishing detection solutions and Web SSO phishing detection techniques. For instance, the target of a click action on the base web page could be captured and then used to detect whether a corresponding genuine login window or a fake login window is shown. Web users should be trained to be aware of extreme phishing. The user should pay careful attention to the domain name of the URL shown in the address bar. Web users should know the look and feel of web pages and should be able to distinguish spoofed Web SSO login windows from genuine ones. One method for identifying a spoofed Web SSO login window is to maximize, drag, or resize it, because a spoofed window can never connect with the web page content area. Browser extensions could help users get intuitive information about the domain name in real time.
6.6. Browser Cache Poisoning: HTTP Strict Transport Security (HSTS) provides an HTTP response header with which a website forces the browser to make SSL connections compulsory for all sub-resources on the site. HSTS compliant browsers give users the option to ignore SSL certificate warnings. Public Key Pinning (HPKP) allows a website to specify its public keys with an HTTP header and instructs the browser not to accept a certificate with an unknown public key. Defenses implemented by browser vendors: do not cache resources in the web cache or AppCache over a broken HTTP connection, and prevent HTTPS sites from loading resources over HTTP. To avoid a browser cache poisoning attack, the target site checks the integrity of all cached JavaScript sub-resources before loading them into the page, so that only fresh, uncontaminated resources can be loaded into the target site's page. [11] [19] [29]
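
One way to implement the integrity check on cached JavaScript sub-resources, as an added example that is not from the paper. It assumes the site pins a SHA-384 digest for each script in the `sha384-<base64>` form used by Subresource Integrity; the loader function, the cache layout and the script bodies are constructed for illustration (Node.js, using the built-in `crypto` module).

```javascript
// Added example (not from the paper): verify a cached script against a pinned
// digest before it is allowed into the page.
const crypto = require('crypto');

// Digest in the "sha384-<base64>" form used by Subresource Integrity.
function integrityOf(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body, 'utf8').digest('base64');
}

// Decide what to do with a script request.
//   cache:  Map url -> cached body (may have been poisoned on a hostile network)
//   pinned: Map url -> digest published with the site's release
function loadScript(url, cache, pinned) {
  const expected = pinned.get(url);
  if (expected === undefined) {
    return { url, action: 'refuse', reason: 'no pinned digest for this script' };
  }
  const cached = cache.get(url);
  if (cached === undefined) {
    return { url, action: 'fetch', reason: 'not cached' };
  }
  if (integrityOf(cached) !== expected) {
    cache.delete(url); // never serve the contaminated copy again
    return { url, action: 'evict-and-fetch', reason: 'cached copy does not match pinned digest' };
  }
  return { url, action: 'use-cache', reason: 'digest matches' };
}

// Constructed release content and the digests pinned for it.
const RELEASED = {
  '/js/app.js': 'function total(a, b) { return a + b; }\n',
  '/js/ui.js': 'function show(msg) { console.log(msg); }\n',
};
const PINNED = new Map(Object.entries(RELEASED).map(([url, body]) => [url, integrityOf(body)]));

// Constructed cache in which /js/app.js has had an extra statement appended.
function buildSampleCache() {
  return new Map([
    ['/js/app.js', RELEASED['/js/app.js'] + 'track();\n'],
    ['/js/ui.js', RELEASED['/js/ui.js']],
  ]);
}

const sampleCache = buildSampleCache();
for (const url of ['/js/app.js', '/js/ui.js', '/js/extra.js']) {
  const decision = loadScript(url, sampleCache, PINNED);
  console.log(`${decision.url}: ${decision.action} (${decision.reason})`);
}
```

The re-fetch that follows an eviction has to be verified against the same pinned digest, otherwise a poisoned response simply re-enters the cache.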
6.7. Session Hijacking: To protect the user from session hijacking, use a strong session ID that cannot be hijacked or deciphered. SSL and SSH provide strong encryption using an SSL certificate. There must be a logout function to terminate every session, and the session ID must be regenerated at login. An HTTPS connection should be used for passing authentication cookies, and the life span of the session or cookie should be reduced. Session hijacking can be prevented at the user level by clearing the history, offline content, and cookies from the browser after every sensitive transaction. Different tools and techniques are available to protect against session hijacking. An attacker using a sniffer on the network can be detected: ANTI-SNIFF can detect any sniffer on the network that is used to capture packets. [27] [35]
6.8. Drive-By-Download: Anomaly detection depends on the hypothesis that malicious activity manifests itself through anomalous system events. Anomaly detection systems monitor events occurring in the system under analysis. For each event, a number of features are extracted. During a learning phase, normal feature values are learned, using one or more models. After this initial phase, the system is switched to detection mode. In this mode, the feature values of occurring events are assessed with respect to the trained models. Events that are too distant from the established models of normality are flagged as malicious. [54] [60]
6.9. Clickjacking: To avoid a clickjacking attack, provide a confirmation window for the click. If it is a different component, the user can decline the interaction and report it. Frame busting is another defense against clickjacking, which hinders elements in an IFrame from being displayed on the web page. It can be achieved through JavaScript: at page load time it checks whether the active page is the top-level page in the browser window. A new HTTP header called X-FRAME-OPTIONS is added to every authenticated. The server should run in an HTML5 sandbox implementation, which prevents any JavaScript from running on a server. [9]
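
A response-header audit covering three of the defenses named in this section: Content-Security-Policy (6.2), HSTS (6.6) and X-Frame-Options (6.9). This is an added example, not from the paper; the finding names, the 180-day minimum `max-age` and the sample header sets are assumptions constructed for illustration, and the CSP `frame-ancestors` directive is accepted as an alternative to X-Frame-Options.

```javascript
// Added example (not from the paper): audit one response's security headers.

// Header names are case-insensitive, so normalise them once.
function normalise(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// "default-src 'self'; script-src a b" -> { 'default-src': ["'self'"], 'script-src': ['a', 'b'] }
function parseCsp(value) {
  const directives = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length > 0) directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

function auditHeaders(rawHeaders, { minHstsAge = 15552000 } = {}) { // 180 days (assumed policy)
  const h = normalise(rawHeaders);
  const findings = [];

  // 6.6: HSTS must be present, long-lived, and cover sub-domains.
  const hsts = h['strict-transport-security'];
  if (!hsts) {
    findings.push('hsts-missing');
  } else {
    const m = /max-age\s*=\s*"?(\d+)"?/i.exec(hsts);
    if (!m || Number(m[1]) < minHstsAge) findings.push('hsts-short-max-age');
    if (!/includeSubDomains/i.test(hsts)) findings.push('hsts-no-subdomains');
  }

  // 6.9: framing must be restricted by X-Frame-Options or CSP frame-ancestors.
  const csp = h['content-security-policy'] ? parseCsp(h['content-security-policy']) : null;
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const framedByCsp = csp !== null && csp['frame-ancestors'] !== undefined;
  if (!['DENY', 'SAMEORIGIN'].includes(xfo) && !framedByCsp) findings.push('framing-unrestricted');

  // 6.2: a CSP whose script sources are open gives no whitelist at all.
  if (csp === null) {
    findings.push('csp-missing');
  } else {
    const scriptSrc = csp['script-src'] || csp['default-src'];
    if (!scriptSrc) findings.push('csp-no-script-restriction');
    else if (scriptSrc.includes("'unsafe-inline'") || scriptSrc.includes('*')) {
      findings.push('csp-script-src-too-broad');
    }
  }
  return findings;
}

// Constructed header sets: a weak configuration beside a corrected one.
const WEAK_HEADERS = {
  'Content-Type': 'text/html',
  'Strict-Transport-Security': 'max-age=300',
  'Content-Security-Policy': "default-src *; script-src 'self' 'unsafe-inline'",
};
const HARDENED_HEADERS = {
  'Content-Type': 'text/html',
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'X-Frame-Options': 'DENY',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' https://cdn.example; frame-ancestors 'none'",
};

console.log('weak:', auditHeaders(WEAK_HEADERS));
console.log('hardened:', auditHeaders(HARDENED_HEADERS));
```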
7. CONCLUSION
A web browser like Mozilla uses the JEMalloc memory allocator, which is vulnerable to heap overflow. Without security patches, web browsers are vulnerable to different types of attack. A web browser is not totally secure because plug-ins are also vulnerable. Browser-based attacks originate from malicious websites. The attacker can easily deliver malicious code to the user's system. The user should block pop-up windows to avoid malicious code being downloaded onto the user's system. The browser is inherently insecure without multiprocess and exposes the user to different exploits. Multiprocess and OS-level sandboxing must become standard and mandatory features, and eventually each tab must be contained within a separate process. A multiprocess implementation will have an insignificant effect on RAM usage. The effect on the CPU is none, because a multiprocess browser will be able to run on multiple cores. In multiprocess-based tabs, layout rendering and JavaScript code should be put into a sandboxed process to reduce the kernel attack surface. Web browsers with the Electrolysis and sandboxing features restrict access to the file system. This protects the user from exploits. Hence, multiprocess and sandboxing should become mandatory to protect users from malicious web pages.
8. REFERENCES
[1] Adi, Saltzman, Roi and Sharabani,Active Man in the
Middle Attacks: A Security Advisory, A whitepaper
from IBM Rational Application Security Group, 2009
[2] Bhargavaand Chen, Daniel,Shastry,DeFreez,Jean-Pierre
Haoand Seifert, A first look at Firefox OS
security,Nashville, TN USA, 2011
[3] Xiaowei and Xue,Yuan,Li,A survey on web application
security ,Nashville, TN USA, 2011
[4] Nicolas, Golubovic, Attacking Browser Extensions.
[5] Yue and Dong, Xinshu and Saxena,Jia,Prateek and Mao,
Jian and Liang,Yaoqi and Chen,Zhenkai, Man-in-the-
browser-cache: Persisting HTTPS attacks via browser
cache poisoning, computers security, 55, (2015)6280
[6] V and PandianS,Nithya, Lakshmana and Malarvizhi, C,A
Survey on Detection and Prevention of Cross-Site
Scripting Attack,International Journal of Security and Its
Applications,3,9,(2015),139152
[7] Calton and Beattie,,Cowan, F and Pu, Steve and
Walpole,Crispin and Wagle, Jonathan, Buffer Overflow :
Attacks and defenses for the vulnerability of the
decade,2,(2000)119129
[8] Gurvinder,Kaur ,Study of Cross-Site Scripting Attacks
and Their Countermeasures,International Journal of
Computer Applications Technology and
Research,10,3,(2014)604609
[9] A Sankara,Narayanan, Clickjacking vulnerability and
countermeasures, New York International Journal of
Applied Information Systems, 2012
[10] David, Stefan, Deian and Yang, Petr and Russo, Edward
Z and Marchenko, David and Karp, Alejandro and
Herman,Brad and Mazieres, Protecting Users by
Confining JavaScript with COWL, (2014)131–146
[11] Tarek S and Zaki,Ashraf and Sobh,Elgohary,
Mohammed, Design of an enhancement for SSL/TLS
protocols, 25, (2006)297306
[12] Giovanni,Cova, Christopher and Vigna,Marco and
Kruegel, Detection and analysis of drive-by-download
attacks and malicious JavaScript code, (2010)281290
[13] Jerry, Louis, Detection of session hijacking, 2011
[14] Manuel and Wurzinger, Egele, Peter and Kruegel, Engin,
Christopher and Kirda, Defending browsers against
drive-by downloads: Mitigating heap-spraying code
injection attacks, (2009)88106
[15] P Vadivel and Alagarsamy,Murugan,K,BufferOverflow
Attack Vulnerability in Stack,International Journal of
Computer Applications,5,13,(2011)12
[16] Rohilla, Rakesh,Monika and Kumar,XSS Attack:
Detection and Prevention Techniques
[17] Adam and Felt, Barth,Adrienne Porter and
SaxenaPrateek and Boodman, Aaron, Protecting
Browsers from Extension Vulnerabilities, 2010
[18] Benjamin A and Brodley, Hilmi and Vijaykumar,
Kuperman, TN and Jalote, Carla E and Ozdoganoglu,
Ankit,Detection and prevention of stack buffer overflow
attacks, Communications of the ACM11,48,(2005)5056
[19] Hodges, Collin and Barth, Jeff and Jackson,Adam, Http
strict transport security (hsts), 2012
[20] Gu, Boxuan and Zhang, Xiaole and Champion, Wenbin
and Bai, Adam C and Qin, Dong,Feng and Xuan,
Jsguard: shellcode detection in JavaScript, (2012)112
130
[21] Marchesini, Sean W and Zhao, John and Smith,
Meiyuan, Keyjacking: the surprising insecurity of client-
side SSL, Computers Security, 24, (2005)109123
[22] Jia, Yue and Dong, Yaoqi and Chen,Xinshu and Saxena,
Prateek and Mao, Jian and Liang, Zhenkai, Poster:
Man-in-the-Browser-Cache: Persisting HTTPS Attacks via
Browser Cache Poisoning
[23] Callegati, Walter and Ramilli, Franco and Cerroni,
Marco, Man-in-the-Middle Attack to the HTTPS
Protocol, IEEE Security Privacy, 7, (2009)7881
[24] Eriksson, Mattias and Johansson, TT, An example of a
man-in-the-middle attack against server authenticated
ssl-sessions, 2003
[25] Fraser,Howard, Modern web attacks, Network Security,
2008, (2008)13 15
[26] Matthias and Ben-David,Vallentin, Yahel, Persistent
browser cache poisoning,2010
[27] Karapanos, Srdjan,Nikolaos and Capkun, On the
Effective Prevention of TLS Man-In-The-Middle Attacks
in Web Applications, 14, 2014
[28] Barth, Adrienne Porter,Adam and Felt,SaxenaPrateek
and Boodman, Aaron, Protecting Browsers from
Extension Vulnerabilities, 2010
[29] Jackson, Adam, Collin and Barth, Forcehttps: protecting
high-security web sites from network attacks,
(2008)525534
[30] Vallentin, Yahel, Matthias and Ben-David, Quantifying
persistent browser cache poisoning, 2014
[31] Jackson,Andrew and Boneh,Collin and Bortz,JohnC,D
an and Mitchell, Protecting browser state from web
privacy attacks, (2006)737744
[32] Liang, Wei and Liu, Bin and You,Liangkun and Shi,
Mario, Wenchang and Heiderich, Scriptless timing
attacks on web browser privacy, (2014)112123
[33] Jemel, Ahmed,Mayssa and Serhrouchni, Security
assurance of local data stored by HTML5 web
application, (2014)4752
[34] Vishnoi, Monika and Tech,Laxman and Agarwal, MIT,
Session Hijacking And Its Countermeasures,
International Journal of Scientific Research Engineering
and Technology (IJSRET), (2013)250252
[35] Deepak Singh,Jain, Divya Rishi and Tomar, Vineeta and
Sahu, Session Hijacking: Threat Analysis and
Countermeasures
[36] Kapoor, Shray, Session hijacking exploiting TCP, UDP
and HTTP sessions, infosecwriters. com/text
resources/.../SKapoorSessionHijacking. pdf, 2006
[37] Ralf and Basin,Rolf and Hauser, David,Oppliger,
SSL/TLS session-aware user authentication revisited,
Computers Security, 27,(2008)6470
[38] Piekarska, Bhargava and Borgaonkar,Marta and Shastry,
Ravishankar, What Does the Fox Say? On
the Security Architecture of Firefox OS,(2014)172 177
[39] Securing web browser,
http://www.us-cert.gov/publications/securing-your-web-browser
[40] Attacks on browser, http://www.owasp.org/index.php
[41] See fixed patches in Mozilla on Bugzilla,
http://www.bugzilla.mozilla.org/quickserack=attachment
[42] Mozilla foundation security advisory,
https://www.mozilla.org/en-US/security/advisoris/mfsa2017-01
[43] How Application Cache works,
https://developer.mozilla.org/en-US/docs/web/HTML/Using the application cache
[44] All errors in Mozilla browser can be seen at one time at,
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox
[45] Zhao, Rui and John, Stacy and Bussell,Samantha and
Karas, Cara and Roberts, Daniel and Gavett,Jennifer and
Six, Brandon and Yue, Chuan,The Highly Insidious
Extreme Phishing Attacks,(2016)110
[46] Privilege escalation vulnerabilities in WebExtensions
APIs,
https://bugzilla.mozilla.org/showbug.cgi?id=1226423
[47] Pandikumar, T and Girma, Teklish,Analyzing
Information Flow in Java based Browser
Extensions,(2016)
[48] Chuan,Yue,The Devil Is Phishing: Rethinking Web
Single Sign-On Systems Security.,(2013)
[49] Zhao,Chuan and Yi,Rui and Yue,Qing,Automatic
detection of information leakage vulnerabilities in
browser extensions,(2015)13841394
[50] Integer overflow in Websockets during data buffering,
https://bugzilla.mozilla.org/showbug.cgi?id=1287266
[51] Buffer overflow rendering SVG with bidirectional
content,
https://bugzilla.mozilla.org/showbug.cgi?id=1270381
[52] Cross-site reading attack through data and view-source
URIs,
https://bugzilla.mozilla.org/showbug.cgi?id=1228950
[53] Integer overflow in MP4 playback in 64-bit versions,
https://bugzilla.mozilla.org/showbug.cgi?id=1206211
[54] Same origin violation and local file stealing via PDF
reader,
https://bugzilla.mozilla.org/showbug.cgi?id=1178058
[55] Electrolysis and Accessibility,
https://wiki.mozilla.org/Electrolysis/Accessibility
[56] Introduction to Electrolysis,
https://wiki.mozilla.org/Electrolysis
[57] Electrolysis and multiple content process,
https://wiki.mozilla.org/Electrolysis/Multiplecontentprocesses
[58] Sandbox security process model
https://wiki.mozilla.org/Security/Sandbox/Processmodel
[59] Hardening the Firefox Security Sandbox
https://wiki.mozilla.org/Security/Sandbox/Hardening
[60] Tammo and Dewald,Rieck,Andreas,Konrad and
Krueger,Cujo: efficient detection and prevention of
drive-by-download attacks,(2010)3139.
[61] Chariton, Argyroudis, Patroklos and Karamitas,
Exploiting the jemalloc Memory Allocator: Owning
Firefox's Heap,Blackhat USA,2012
[62] Emery D,Novark, Gene and Berger, DieHarder: securing
the heap,(2010) 573584