Client-side attacks against web sessions are a real concern for many applications. Realizing protection mechanisms on the client side, e.g. as browser extensions, has become a popular approach for securing the Web. In this paper we report on our experience in the implementation of SessInt, an extension for Google Chrome that protects users against a variety of client-side attacks, and we discuss some limitations of the browser APIs that negatively impacted on the design process.

Development of security extensions based on Chrome APIs

FOCARDI, Riccardo;TEMPESTA, MAURO
2015-01-01

Abstract

Client-side attacks against web sessions are a real concern for many applications. Realizing protection mechanisms on the client side, e.g. as browser extensions, has become a popular approach for securing the Web. In this paper we report on our experience in the implementation of SessInt, an extension for Google Chrome that protects users against a variety of client-side attacks, and we discuss some limitations of the browser APIs that negatively impacted on the design process.
2015
8th International Workshop on Analysis of Security APIs (ASA-8)
4.2 Abstract in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
asa.pdf

accesso aperto

Licenza: Accesso gratuito (solo visione)
Dimensione 443.38 kB
Formato Adobe PDF
Visualizza/Apri
443.38 kB Adobe PDF Visualizza/Apri

I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10278/3662277
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact