research-article

Public Access

Most Websites Don't Need to Vibrate: A Cost-Benefit Approach to Improving Browser Security

Authors:

Peter Snyder,

Cynthia Taylor,

Chris KanichAuthors Info & Claims

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Pages 179 - 194

https://doi.org/10.1145/3133956.3133966

Published: 30 October 2017 Publication History

PDF eReader

Abstract

Modern web browsers have accrued an incredibly broad set of features since being invented for hypermedia dissemination in 1990. Many of these features benefit users by enabling new types of web applications. However, some features also bring risk to users' privacy and security, whether through implementation error, unexpected composition, or unintended use. Currently there is no general methodology for weighing these costs and benefits. Restricting access to only the features which are necessary for delivering desired functionality on a given website would allow users to enforce the principle of lease privilege on use of the myriad APIs present in the modern web browser.

However, security benefits gained by increasing restrictions must be balanced against the risk of breaking existing websites. This work addresses this problem with a methodology for weighing the costs and benefits of giving websites default access to each browser feature. We model the benefit as the number of websites that require the feature for some user-visible benefit, and the cost as the number of CVEs, lines of code, and academic attacks related to the functionality. We then apply this methodology to 74 Web API standards implemented in modern browsers. We find that allowing websites default access to large parts of the Web API poses significant security and privacy risks, with little corresponding benefit.

We also introduce a configurable browser extension that allows users to selectively restrict access to low-benefit, high-risk features on a per site basis. We evaluated our extension with two hardened browser configurations, and found that blocking 15 of the 74 standards avoids 52.0% of code paths related to previous CVEs, and 50.0% of implementation code identified by our metric, without affecting the functionality of 94.7% of measured websites.

Supplemental Material

MP4 File

Download
2631.51 MB

References

[1]

Adblock plus. https://adblockplus.org/. [Online; accessed 16-October-2015].

Abstract

Supplemental Material

References

Cited By

Index Terms

Recommendations

Defeating Cross-Site Request Forgery Attacks with Browser-Enforced Authenticity Protection

Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers

When tolerance causes weakness: the case of injection-friendly browsers

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations