Speeding Up Mobile Browsers without Infrastructure Support

Wang, Zhen

05 September 2012

Mobile browsers are known to be slow. We characterize the performance of mobile browsers and find out that resource loading is the bottleneck. Leveraging an unprecedented set of web usage data collected from 24 iPhone users continuously over one year, we examine the three fundamental, orthogonal approaches to improve resource loading without infrastructure support: caching, prefetching, and speculative loading, which is first proposed and studied in this work. Speculative loading predicts and speculatively loads the subresources needed to open a webpage once its URL is given. We show that while caching and prefetching are highly limited for mobile browsing, speculative loading can be significantly more effective. Empirically, we show that client-only solutions can improve the browser speed by 1.4 seconds on average. We also report the design, realization, and evaluation of speculative loading in a WebKit-based browser called Tempo. On average, Tempo can reduce browser delay by 1 second (~20%).

mobile

browser

performance

Protecting Browser Extensions from JavaScript Injection Attacks with Runtime Protection and Static Analysis

Barua, Anton

01 October 2012

With the rapid proliferation of the internet, web browsers have evolved from single-purpose remote document viewers into multifaceted systems for executing dynamic, interactive web applications. In order to enhance the web browsing experience of users and to facilitate on-demand customizability, most web browsers now can be fitted with extensions: pieces of software that utilize the underlying web platform of a browser and provide a wide range of features such as advertisement blocking, safety ratings of websites, in-browser web development, and many more. Extensible web browsers provide access to their powerful privileged components in order to facilitate the development of feature-rich extensions. This exposure comes at a price, though, as a vulnerable extension can introduce a security hole through which an attacker can access the privileged components and penetrate a victim user’s browser, steal the user’s sensitive information, and even execute arbitrary code in the user’s computer. The current browser security model is inadequate for preventing attacks via such vulnerable extensions. Therefore, an effective protection mechanism is required that would provide web browsers adequate security while still allowing them to be extended. In this thesis, we propose a runtime protection mechanism for JavaScript-based browser extensions. Our protection mechanism performs offline randomization of an extension’s source code and augments the corresponding browser with appropriate modifications. The protection from malicious injection attacks is enforced at runtime by distinguishing attack code from the randomized extension code. Furthermore, for maximum backward compatibility with existing extensions, we propose a complementary static points-to analysis technique that can be invoked on-demand for assessing the security of dynamic code generation functions present in the source code of extensions. Our combined approach of runtime protection and static analysis is independent of the existing extension platforms, thus obviating the need of radically changing the platforms and requiring developers to rewrite their extensions. We implement our protection mechanism in the popular Mozilla Firefox browser and evaluate our approach on a set of vulnerable and non-vulnerable Mozilla Firefox extensions. The evaluation results indicate that our approach can be a viable solution for preventing attacks on JavaScript-based browser extensions while incurring negligible performance overhead and maintaining backward compatibility with existing extensions. / Thesis (Master, Computing) -- Queen's University, 2012-09-27 23:41:46.455

Browser

Security

Injection

Extensions

Thin HTML Clients auf Basis von Application Server Technologie

Dorda, Clemens.

January 2002

Stuttgart, Univ., Diplomarb., 2002.

Zum Potential browserbasierter Applikationen

Breitschmid, Michael.

January 2007

Master-Arbeit Univ. St. Gallen, 2007.

LibX 2.0

Nicholson, Brian Robert

06 January 2012

As Internet applications continue to gain popularity, users are becoming increasingly comfortable with using the Web as part of their daily lives. Content is becoming digitized on a massive scale, and web browsers are emerging as the platform of choice. Library catalogs, or OPACs, have become widely digitized as part of this trend. Unlike modern search engines, however, many OPACs require antiquated, boolean-based search queries. Consequently, OPAC usage has declined. Libraries have recently begun to introduce modernized services that enable Google-like queries with convenient syntaxes; however, these services are not widely adopted since Google remains more accessible and familiar. LibX 2.0 is a browser extension for Mozilla Firefox and Google Chrome that provides an interface for locating library resources. LibX 2.0 gives users instant access to library searches, links, and proxies. It provides support for the modernized search services that libraries are beginning to offer. Additionally, as a browser extension, LibX 2.0 is more accessible than the OPACs themselves. LibX 2.0 is the next iteration of the popular LibX extension. LibX 2.0 borrows several software engineering concepts for its design, including code reuse and modularity. As a result, we have created and updated many components to be compatible with these software engineering goals. We have designed a new user interface, inspired by Google Chrome, whose design we share between browsers. We have developed a framework for library applications, or LibApps, which enable user-created, extensible code. We have also developed custom caching, internationalization, and user preferences libraries to support our new design. / Master of Science

libraries

browser extensions

Securing Script-based Extensibility in Web Browsers

Djeric, Vladan

15 January 2010

Web browsers are increasingly designed to be extensible to keep up with the Web's rapid pace of change. This extensibility is typically implemented using script-based extensions. Script extensions have access to sensitive browser APIs and content from untrusted web pages. Unfortunately, this powerful combination creates the threat of privilege escalation attacks that grant web page scripts the full privileges of script extensions and control over the entire browser process. This thesis describes the pitfalls of script-based extensibility based on our study of the Firefox Web browser, and is the first to offer a classification of script-based privilege escalation vulnerabilities. We propose a taint-based system to track the spread of untrusted data in the browser and to detect the characteristic signatures of privilege escalation attacks. We show that this approach is effective by testing our system against exploits in the Firefox bug database and finding that it detects the vast majority of attacks with no false alarms.

web browser

browser extensions

privilege escalation

JavaScript

Firefox

vulnerability

0984

Securing Script-based Extensibility in Web Browsers

Djeric, Vladan

15 January 2010

Web browsers are increasingly designed to be extensible to keep up with the Web's rapid pace of change. This extensibility is typically implemented using script-based extensions. Script extensions have access to sensitive browser APIs and content from untrusted web pages. Unfortunately, this powerful combination creates the threat of privilege escalation attacks that grant web page scripts the full privileges of script extensions and control over the entire browser process. This thesis describes the pitfalls of script-based extensibility based on our study of the Firefox Web browser, and is the first to offer a classification of script-based privilege escalation vulnerabilities. We propose a taint-based system to track the spread of untrusted data in the browser and to detect the characteristic signatures of privilege escalation attacks. We show that this approach is effective by testing our system against exploits in the Firefox bug database and finding that it detects the vast majority of attacks with no false alarms.

web browser

browser extensions

privilege escalation

JavaScript

Firefox

vulnerability

0984

Foundations of provably secure browser-based protocols

Gajek, Sebastian

January 2009

Zugl.: Bochum, Univ., Diss., 2009

Product Bundling in Software Industry: The Case of Operating System and Browser Market

Hsu, Tuang-Chou

20 June 2000

Product bundling is a common tool to increase sales and profits for the firms when they sell products. In traditional market, because the consumer¡¦s reserve price to each product is different, adopting product bundling strategy can achieve their goal. Now , owing to the highly changed technology and the prevailing of computer and internet, there are plenty of forms and varieties of product bundling. It is more different to do the research about the product bundling in computer, software, or some high-tech information industries. In the light of the characteristic of these industries, it is necessary to modify the product bundling strategy to meet the demand. This study focuses on the product bundling strategy in software industry. A few days ago, in the case of Microsoft who violates the antitrust law, the public starts to pay attention to the product bundling strategy in software industry again. But the software industry has two very important characteristics. First, there are compatibility problems between different products. Second, it is difficult to define the boundary of products. So this study tries to build a model to explain the application of product bundling strategy in software industry, and use the model to confer the case of Microsoft. There are three objects in this study. First, analyzing the advantages and disadvantages of product bundling strategies in all kinds of conditions in the recent years. Second, using the model to prove that if there is only one monopoly firm in the main product market and it bundles its main and downstream products. Then the downstream competitor and the consumers will be harmed. Third, using the inference of the model to comment the case that the U.S department of justice who accuses Microsoft bundling its personal computer operation system and browser.

operating system

product bundling

browser

Using Contextual Information to Improve Phishing Warning Effectiveness

January 2015

abstract: Internet browsers are today capable of warning internet users of a potential phishing attack. Browsers identify these websites by referring to blacklists of reported phishing websites maintained by trusted organizations like Google, Phishtank etc. On identifying a Unified Resource Locator (URL) requested by a user as a reported phishing URL, browsers like Mozilla Firefox and Google Chrome display an 'active' warning message in an attempt to stop the user from making a potentially dangerous decision of visiting the website and sharing confidential information like username-password, credit card information, social security number etc. However, these warnings are not always successful at safeguarding the user from a phishing attack. On several occasions, users ignore these warnings and 'click through' them, eventually landing at the potentially dangerous website and giving away confidential information. Failure to understand the warning, failure to differentiate different types of browser warnings, diminishing trust on browser warnings due to repeated encounter are some of the reasons that make users ignore these warnings. It is important to address these factors in order to eventually improve a user’s reaction to these warnings. In this thesis, I propose a novel design to improve the effectiveness and reliability of phishing warning messages. This design utilizes the name of the target website that a fake website is mimicking, to display a simple, easy to understand and interactive warning message with the primary objective of keeping the user away from a potentially spoof website. / Dissertation/Thesis / Masters Thesis Computer Science 2015

Computer science

Browser Warning

Usability