Arshad, Sajjad.
Understanding and Mitigating the Security Risks of Content Inclusion in Web Browsers.
Record type: Bibliographic - Electronic resource : Monograph/item
Title/Author: Understanding and Mitigating the Security Risks of Content Inclusion in Web Browsers.
Author: Arshad, Sajjad.
Publisher: Ann Arbor : ProQuest Dissertations & Theses, 2019
Extent: 111 p.
Notes: Source: Dissertations Abstracts International, Volume: 80-10, Section: B.
Contained By: Dissertations Abstracts International 80-10B.
Subject: Information Technology.
Electronic resource: http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=13861478
ISBN: 9781392074749
Thesis (Ph.D.)--Northeastern University, 2019.
This item must not be sold to any third party vendors.
Thanks to the wide range of features offered by web browsers, modern websites include various types of content such as JavaScript and Cascading Style Sheets (CSS) in order to create interactive user interfaces. Browser vendors also provided extensions to enhance web browsers with additional useful capabilities that are not necessarily maintained or supported by default. However, included content can introduce security risks to users of these websites, unbeknownst to both website operators and users. In addition, the browser's interpretation of the resource URLs may be very different from how the web server resolves the URL to determine which resource should be returned to the browser. The URL may not correspond to an actual server-side file system structure at all, or the web server may internally rewrite parts of the URL. This semantic disconnect between web browsers and web servers in interpreting relative paths (path confusion) could be exploited by Relative Path Overwrite (RPO). On the other hand, even though extensions provide useful additional functionality for web browsers, they are also an increasingly popular vector for attacks. Due to the high degree of privilege extensions can hold, extensions have been abused to inject advertisements into web pages that divert revenue from content publishers and potentially expose users to malware. In this thesis, I propose novel research into understanding and mitigating the security risks of content inclusion in web browsers to protect website publishers as well as their users. First, I introduce an in-browser approach called Excision to automatically detect and block malicious third-party content inclusions as web pages are loaded into the user's browser or during the execution of browser extensions. Then, I propose OriginTracer, an in-browser approach to highlight extension-based content modification of web pages. Finally, I present the first in-depth study of style injection vulnerability using RPO and discuss potential countermeasures.
ISBN: 9781392074749
Subjects--Topical Terms: Information Technology. (1030799)
LDR :03121nmm a2200325 4500
001 2207888
005 20190923114248.5
008 201008s2019 ||||||||||||||||| ||eng d
020 $a 9781392074749
035 $a (MiAaPQ)AAI13861478
035 $a (MiAaPQ)neucis:10136
035 $a AAI13861478
040 $a MiAaPQ $c MiAaPQ
100 1 $a Arshad, Sajjad. $3 3434886
245 1 0 $a Understanding and Mitigating the Security Risks of Content Inclusion in Web Browsers.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2019
300 $a 111 p.
500 $a Source: Dissertations Abstracts International, Volume: 80-10, Section: B.
500 $a Publisher info.: Dissertation/Thesis.
500 $a Advisor: Robertson, William;Kirda, Engin.
502 $a Thesis (Ph.D.)--Northeastern University, 2019.
506 $a This item must not be sold to any third party vendors.
590 $a School code: 0160.
650 4 $a Information Technology. $3 1030799
650 4 $a Computer science. $3 523869
690 $a 0489
690 $a 0984
710 2 $a Northeastern University. $b Information Assurance. $3 3434887
773 0 $t Dissertations Abstracts International $g 80-10B.
790 $a 0160
791 $a Ph.D.
792 $a 2019
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=13861478
Holdings (1 item)
Barcode: W9384437
Location: Electronic resource
Circulation category: 11. Online viewing_V
Material type: E-book
Call number: EB
Use type: Normal
Loan status: On shelf
Hold status: 0