DOMtegrity: ensuring web page integrity against malicious browser extensions

@article{Toreini2019DOMtegrityEW,
  title={DOMtegrity: ensuring web page integrity against malicious browser extensions},
  author={Ehsan Toreini and M. Mehrnezhad and S. F. Shahandashti and F. Hao},
  journal={International Journal of Information Security},
  year={2019},
  volume={18},
  pages={801 - 814}
}
In this paper, we address an unsolved problem in the real world: how to ensure the integrity of the web content in a browser in the presence of malicious browser extensions? The problem of exposing confidential user credentials to malicious extensions has been widely understood, which has prompted major banks to deploy two-factor authentication. However, the importance of the “integrity” of the web content has received little attention. We implement two attacks on real-world online banking… Expand
4 Citations

References

SHOWING 1-10 OF 33 REFERENCES
Isolating malicious content scripts of browser extensions
  • Kailas Patil
  • Computer Science
  • Int. J. Inf. Priv. Secur. Integr.
  • 2017
Enhancing web browser security against malware extensions
Privacy Leakage Attacks in Browsers by Colluding Extensions
Verified Security for Browser Extensions
Chrome Extensions: Threat Analysis and Countermeasures
The Browser Hacker's Handbook
Towards improving browser extension permission management and user awareness
  • S. Marouf, Mohamed Shehab
  • Computer Science
  • 8th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom)
  • 2012
IceShield: Detection and Mitigation of Malicious Websites with a Frozen DOM
Detecting In-Flight Page Changes with Web Tripwires
...
1
2
3
4
...