TIIS (Çѱ¹ÀÎÅͳÝÁ¤º¸ÇÐȸ)
| ÇѱÛÁ¦¸ñ(Korean Title) |
Analysis of Web Browser Security Configuration Options |
| ¿µ¹®Á¦¸ñ(English Title) |
Analysis of Web Browser Security Configuration Options |
| ÀúÀÚ(Author) |
Ananth A. Jillepalli
Daniel Conte de Leon
Stuart Steiner
Jim Alves-Foss
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 12 NO. 12 PP. 6139 ~ 6160 (2018. 12) |
Çѱ۳»¿ë
(Korean Abstract) |
|
¿µ¹®³»¿ë
(English Abstract) |
For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.
|
| Å°¿öµå(Keyword) |
Security policy
application hardening
secure configurations
enforcing least privilege
web browser security
phishing prevention
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
