This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, May 11 • 15:00 - 15:45
The evil friend in your browser

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
On the one hand, browser extensions, e.g., for Chrome, are very useful, as they extend web browsers with additional functionality (e.g., blocking ads). On the other hand, they are the most dangerous code that runs in your browsers: extension can read and modify both the content displayed in the browser. As they also can communicate with any web-site or web-service, they can report data and metadata to external parties.

The current security model for browser extensions seems to be inadequate for expressing the security or privacy needs of browser users. Thus, browser extensions are a "juice target" for attackers targeting web users.

We present results of analysing over 2500 browser extensions on how they use the current security model and discuss examples of extensions that are potentially of high risk. Based on the results of our analysis of real world browser extensions as well as our own threat model, we discuss the limitations of the current security model form a user perspective.

avatar for Achim D. Brucker

Achim D. Brucker

The University of Sheffield
Dr. Achim D. Brucker (www.brucker.ch) is a Senior Lecturer and consultant at The University of Sheffield, UK where he heads the heads the Software Assurance & Security Research Team (logicalhacking.com). Until December 2015, he was a Research Expert (Architect), Security Testing... Read More →
avatar for Michael Herzberg

Michael Herzberg

PhD Student, University of Sheffield
Michael is a PhD student at the University of Sheffield, working together with Achim Brucker. His focus lies on formal methods for building secure systems, in particular ones using web technologies. Previously he graduated from the | Karlsruhe Institute of Technology, Germany... Read More →

Thursday May 11, 2017 15:00 - 15:45
Waterfront Center: Hall 2B

Attendees (25)