Evaluating the Manageability of Web Browsers Controls

The proliferation of smartphones has introduced new challenges in web browsing security. These devices often have limited resources and small size, which may limit the security ‘arsenal’ of their user. This, however, does not seem to deter smartphone users from accessing the Web via their devices. At the same time, the popularity of browser-based exploits among attackers is also on the rise, especially in the form of Blackhole exploit kits, i.e., frameworks that attack browsers using 0-day exploits (e.g., in Java, Flash). In this context, the paper contributes by comparing the availability and manageability of security controls that are offered by popular smartphone and desktop browsers. It also provides insights about their preconfigured protection against web threats.
