Top

Published in:

2016 | OriginalPaper | Chapter

Protecting the Augmented Browser Extension from Mutation Cross-Site Scripting

Authors : S. Remya, K. Praveen

Published in: Proceedings of the Second International Conference on Computer and Communication Technologies

Publisher: Springer India

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Browser extensions have a great role in bringing changes to the web browser behavior and improving browser performance. However, nowadays, many browser extensions fail to meet the security requirements. Due to this, they become a medium for various attackers to steal the credential information of the users. The proposal in this paper makes a pitch for the protection of an augmented browser extension against mutation-based cross-site scripting attack. A method is introduced for hardening the browser extension script along with dead code injection. A mutation-based cross-site scripting identifier to identify the attacks that affect the extensions is also discussed in this paper. These methods will protect browser extensions from various malicious script injection attacks.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter A Novel Action Descriptor to Recognize Actions from Surveillance Videos

next chapter Large-Scale Data Management System Using Data De-duplication System

Guarnieri, S., Pistoia, M., Tripp, O., Dolby, J., Teilhet, S., Berg, R.: Saving the world wide web from vulnerable javascript. In: Proceedings of the 2011 International Symposium on Software Testing and Analysis, pp. 177–187. ACM (2011)

Sundareswaran, S., Squicciarini, A.C.: Xss-dec: A hybrid solution to mitigate cross-site scripting attacks. In: Data and Applications Security and Privacy XXVI, pp. 223–238. Springer (2012)

Heiderich, M., Schwenk, J., Frosch, T., Magazinius, J., Yang, E.Z.: mxss attacks: Attacking well-secured web-applications by using innerhtml mutations. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 777–788. ACM (2013)

Van Acker, S., Nikiforakis, N., Desmet, L., Piessens, F., Joosen, W.: Monkey-in-the-browser: malware and vulnerabilities in augmented browsing script markets. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 525–530. ACM (2014)

Magazinius, J., Hedin, D., Sabelfeld, A.: Architectures for inlining security monitors in web applications. In: Engineering Secure Software and Systems, pp. 141–160. Springer (2014)

Manico, J.: Xss filter evasion cheat sheet. https://www.owasp.org/index.php/XSSFilterEvasionCheatSheet

Wang, Y.H., Mao, C.H., Lee, H.M.: Structural learning of attack vectors for generating mutated xss attacks (2010)

Hedin, D., Birgisson, A., Bello, L., Sabelfeld, A.: Jsflow: tracking information flow in javascript and its apis. In: Proceedings of the 29th Annual ACM Symposium on Applied Computing, pp. 1663–1671. ACM (2014)

Athanasopoulos, E., Pappas, V., Krithinakis, A., Ligouras, S., Markatos, E.P., Karagiannis, T.: xjs: practical xss prevention for web application development. In: Proceedings of the 2010 USENIX Conference on Web Application Development, pp. 13–13. USENIX Association (2010)

10.

Zalewski, M.: Vega vulnerability scanner. https://subgraph.com/vega/documentation/index.en.html

11.

NIST: National vulnerability database. https://nvd.nist.gov/CVSS-v2-Calculator?vector

12.

Barua, A., Zulkernine, M., Weldemariam, K.: Protecting web browser extensions from javascript injection attacks. In: 2013 18th International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 188–197. IEEE (2013)

13.

Schneider, J.: The extrasolar planets encyclopaedia. http://exoplanet.eu/catalog.php

Title: Protecting the Augmented Browser Extension from Mutation Cross-Site Scripting
Authors: S. Remya
K. Praveen
Publisher: Springer India
Book: Proceedings of the Second International Conference on Computer and Communication Technologies
Print ISBN: 978-81-322-2516-4

Electronic ISBN: 978-81-322-2517-1

Copyright Year: 2016
DOI: https://doi.org/10.1007/978-81-322-2517-1_22

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"