  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

LibX 2.0

Nicholson, Brian Robert 06 January 2012
As Internet applications continue to gain popularity, users are becoming increasingly comfortable with using the Web as part of their daily lives. Content is becoming digitized on a massive scale, and web browsers are emerging as the platform of choice. Library catalogs, or OPACs, have become widely digitized as part of this trend. Unlike modern search engines, however, many OPACs require antiquated, boolean-based search queries. Consequently, OPAC usage has declined. Libraries have recently begun to introduce modernized services that enable Google-like queries with convenient syntaxes; however, these services are not widely adopted since Google remains more accessible and familiar. LibX 2.0 is a browser extension for Mozilla Firefox and Google Chrome that provides an interface for locating library resources. LibX 2.0 gives users instant access to library searches, links, and proxies. It provides support for the modernized search services that libraries are beginning to offer. Additionally, as a browser extension, LibX 2.0 is more accessible than the OPACs themselves. LibX 2.0 is the next iteration of the popular LibX extension. LibX 2.0 borrows several software engineering concepts for its design, including code reuse and modularity. As a result, we have created and updated many components to be compatible with these software engineering goals. We have designed a new user interface, inspired by Google Chrome, whose design we share between browsers. We have developed a framework for library applications, or LibApps, which enable user-created, extensible code. We have also developed custom caching, internationalization, and user preferences libraries to support our new design. / Master of Science
2

Securing Script-based Extensibility in Web Browsers

Djeric, Vladan 15 January 2010
Web browsers are increasingly designed to be extensible to keep up with the Web's rapid pace of change. This extensibility is typically implemented using script-based extensions. Script extensions have access to sensitive browser APIs and content from untrusted web pages. Unfortunately, this powerful combination creates the threat of privilege escalation attacks that grant web page scripts the full privileges of script extensions and control over the entire browser process. This thesis describes the pitfalls of script-based extensibility based on our study of the Firefox Web browser, and is the first to offer a classification of script-based privilege escalation vulnerabilities. We propose a taint-based system to track the spread of untrusted data in the browser and to detect the characteristic signatures of privilege escalation attacks. We show that this approach is effective by testing our system against exploits in the Firefox bug database and finding that it detects the vast majority of attacks with no false alarms.
4

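Ledsagande av seniorer i samband med webben : Identifiering av tillvägagångssätt att bistå seniorer i utförandet av uppgifter på webben / Guiding seniors on the web: Identifying approaches to assist seniors in performing tasks on the web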

Lindahl, Daniel January 2019
The web can be used for multiple purposes and can create value both at work and in people's personal lives. Today computers, the internet and IT in general are commonly used in multiple professions. IT has also become a part of the Swedish educational system, where schools sometimes provide students with a computer and accompanying programs to conduct their studies. Most Swedes today get some kind of computer experience from either work or education, something that certain seniors have missed out on. People above the age of 75 are by a margin the age group (counting twelve years and older) that most seldom uses the internet in Sweden. When asked why, a common answer is “it is too hard”. This study aims to find out in what ways the use of the web can be made easier for seniors (in this study defined as 75 years of age and older). Initially the study focused on finding out what seniors can get out of using the internet and the web. That was done through a literature search and a number of interviews. It showed that seniors who actually use the web in one way or another use, for example, internet banking, mail and news by computer, smartphone and/or tablet. These three areas (internet banking, mail and news) were used as the focus of the user tests, which were conducted in order to find out how seniors can be assisted in their interaction with the web. A browser extension was designed for the three areas mentioned above. A browser extension is a kind of local program/extension that can be installed in a browser to give the user access to external functionality, such as blocking advertisements. The browser extension created in this study gave the user's browser graphic elements intended to help the user solve a number of predetermined tasks. Three concepts were tested in the study. In the context of this study, a concept is the way in which the graphic assistance is designed. User tests were conducted with and without the browser extension as an aid in order to see if there was a difference in the results. When tests were conducted with the browser extension, the concepts were rotated so that all three concepts were tested on an equal basis. The test persons who conducted the tests with the browser extension also got the opportunity to give anonymous feedback on the concepts through a questionnaire that was filled out after the test. The results of the user tests and the questionnaire indicate that seniors would appreciate a step-by-step guide for tasks on the web. According to the results of this study, seniors conduct everyday tasks both quicker and with more success when there is a step-by-step list or highlighted headlines and buttons describing said task.
5

Analýza a vylepšování aplikací pro prohlížeče na základě trendů užívání. / Browser extensions analysis based on usage trends and their improvements

Marek, Lukáš January 2013
This master thesis deals with the topic of browser extensions, their environment and analysis. The goal is to describe the extensions environment and the online Webstores that offer extensions, and to show best practices for analysis and optimization of extensions and their assets. Within the thesis you can find a very precise analysis of online Webstores for Google Chrome extensions and Mozilla Firefox add-ons. Conclusions are made based on this analysis that include special characteristics of the previously mentioned browsers. The master thesis consists of two parts, theoretical and practical. The theoretical part deals with the description of the browser extensions environment and presents specific characteristics of online Webstores and browser extensions to the reader. The practical part focuses on the objectives set by the thesis and presents the results of the Webstore analysis and a description of the universal Google Analytics solution that helps developers to analyze their extensions. The thesis contributes to the topic mainly with the precise description of the browser Webstores and extensions environment, best practices and recommendations, and by creating the universal Google Analytics solution for developers.
6

Разработка фреймворка для создания расширений веб-браузера : магистерская диссертация / Development of a framework for creating web browser extensions

Воложанин, С. С., Volozhanin, S. S. January 2023
The aim of the work is to develop a framework for developing web browser extensions. The object of research is a class of software tools for automating and simplifying the work of developers with web browser extensions. Research methods include analysis, comparison, and generalization of data on existing methods for automating the development of web browser extensions, and trial of modern web technologies. The master's thesis contains 4 chapters. The first chapter describes the main theoretical aspects of the subject area. The second chapter contains an analysis and description of development tools. The third chapter is devoted to describing the framework development process. The fourth chapter presents a description of the framework's capabilities. The result of the work is the framework for developing web browser extensions.
7

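Undersökning av webbsidors säkerhet vid användning av Facebook Login : Vidareutveckling och analys av OAuthGuard / Investigation of website security when using Facebook Login: Further development and analysis of OAuthGuard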

Hedmark, Alice January 2019
Single Sign-On (SSO) is an authentication process that allows a developer to delegate the authentication responsibility to a dedicated service. OAuth 2.0 is an authorization framework that often serves as a base for authentication layers to be built upon, which in turn allows for SSO. An identity provider is the service that is responsible for handling user credentials and the authentication; two common identity providers are Google and Facebook, which implement SSO with the authentication layers OpenID Connect and Facebook's own authentication layer, respectively. It has been shown that many clients using OAuth 2.0 as a base for SSO make faulty implementations leading to security issues; a number of studies have proposed solutions to these issues, but faulty implementations are continually being made. Creating various tools to promote security in these contexts is one method, and OAuthGuard has been developed with the vision of also protecting the common website user directly from the browser. OAuthGuard has been used in an earlier study to analyze the security of clients using Google SSO and discovered that 50% of the analyzed clients had flaws; no comparable study has been done for clients using Facebook SSO, which is the second largest third-party login variant. This study made a comparable investigation for Facebook SSO clients with a further developed version of OAuthGuard and found that these clients suffer from flaws with a similar trend as the previous study with Google SSO clients, although fewer Facebook SSO clients suffer from these flaws. When further developing OAuthGuard, a number of difficulties were discovered, and the future of this kind of tool needs to be investigated. Further analysis needs to be done to assess whether Facebook SSO should be recommended over Google SSO from a security perspective, and further exploration of new methods to promote security also needs to be done.
8

Sécurité et vie privée dans les applications web / Web applications security and privacy

Somé, Dolière Francis 29 October 2018
In this thesis, we studied the security and privacy issues related to the use of web applications and the installation of browser extensions. Among the attacks that web applications fall victim to are the well-known XSS (Cross-Site Scripting) attacks. Extensions are third-party software that users can install to boost browser functionality and improve their user experience. Content Security Policy (CSP) is a security policy that was proposed to counter XSS attacks. The Same Origin Policy (SOP) is a fundamental browser security policy governing interactions between web applications. For example, it does not allow one application to access the data of another application. However, the Cross-Origin Resource Sharing (CORS) mechanism can be implemented by applications that wish to exchange data with each other. First, we studied the integration of CSP with the Same Origin Policy (SOP) and demonstrated that SOP can render CSP ineffective, especially when a web application does not protect all of its pages with CSP, and a page with CSP embeds or is embedded in another page with no CSP or with a different, ineffective CSP. We also clarified the semantics of CSP, in particular the differences between its 3 versions and their implementations in browsers. We thus introduced the concept of dependency-free CSP, which gives an application the same protection against attacks regardless of the browser in which it runs. Finally, we proposed and demonstrated how to extend CSP in its current state in order to overcome a number of its limitations that were revealed in other studies. Third-party content in web applications allows the owners of that content to track users as they browse the web. To prevent this, we introduced a new web architecture that, once deployed, eliminates user tracking. Lastly, we turned to browser extensions. We first demonstrated that the extensions a user installs and/or the web applications they are logged into can distinguish them from other users. We also studied the interactions between extensions and web applications. We thus found several extensions whose privileges can be exploited by websites to access sensitive user data. For example, some extensions allow web applications to access the content of other applications, even though this is normally forbidden by the Same Origin Policy. Finally, we also found that a large number of extensions have the ability to disable the Same Origin Policy in the browser by manipulating CORS headers. This allows an attacker to access the user's data in any other application, such as their e-mail, their social network profile, and much more. To combat these problems, we recommend that browsers adopt a finer-grained permissions system and more thorough extension analysis, in order to alert users to the real dangers associated with extensions. / In this thesis, we studied security and privacy threats in web applications and browser extensions. There are many attacks targeting the web of which XSS (Cross-Site Scripting) is one of the most notorious. Third party tracking is the ability of an attacker to benefit from its presence in many web applications in order to track the user as she browses the web, and build her browsing profile. Extensions are third party software that users install to extend their browser functionality and improve their browsing experience.
Malicious or poorly programmed extensions can be exploited by attackers in web applications, in order to benefit from extensions' privileged capabilities and access sensitive user information. Content Security Policy (CSP) is a security mechanism for mitigating the impact of content injection attacks in general and in particular XSS. The Same Origin Policy (SOP) is a security mechanism implemented by browsers to isolate web applications of different origins from one another. In a first work on CSP, we analyzed the interplay of CSP with SOP and demonstrated that the latter allows the former to be bypassed. Then we scrutinized the three CSP versions and found that a CSP is differently interpreted depending on the browser, the version of CSP it implements, and how compliant the implementation is with respect to the specification. To help developers deploy effective policies that encompass all these differences in CSP versions and browser implementations, we proposed the deployment of dependency-free policies that effectively protect against attacks in all browsers. Finally, previous studies have identified many limitations of CSP. We reviewed the different solutions proposed in the wild, and showed that they do not fully mitigate the identified shortcomings of CSP. Therefore, we proposed to extend the CSP specification, and showed the feasibility of our proposals with an example of implementation. Regarding third party tracking, we introduced and implemented a tracking preserving architecture, that can be deployed by web developers willing to include third party content in their applications while preventing tracking. Intuitively, third party requests are automatically routed to a trusted middle party server which removes tracking information from the requests. Finally considering browser extensions, we first showed that the extensions that users install and the websites they are logged into, can serve to uniquely identify and track them.
We then studied the communications between browser extensions and web applications and demonstrated that malicious or poorly programmed extensions can be exploited by web applications to benefit from extensions' privileged capabilities. Also, we demonstrated that extensions can disable the Same Origin Policy by tampering with CORS headers. All this enables web applications to read sensitive user information. To mitigate these threats, we proposed countermeasures and a more fine-grained permissions system and review process for browser extensions. We believe that this can help browser vendors identify malicious extensions and warn users about the threats posed by extensions they install.
