SandFOX: Secure sandboxed and isolated environment for firefox browser
- Publication Type:
- Conference Proceeding
- ACM International Conference Proceeding Series, 2015, 08-10-Sep-2015
- Issue Date:
© 2015 ACM. Browser functionalities can be widely extended by browser extensions. One of the key features that makes browser extensions so powerful is that they run with "high" privi-leges. As a consequence, a vulnerable or malicious extension might expose browser, and operating system (OS) resources to possible attacks such as privilege escalation, information stealing, and session hijacking. The resources are referred as browser as well as OS components accessed through browser extension such as accessing information on the web appli-cation, executing arbitrary processes, and even access files from a host file system. This paper presents sandFOX (secure sandbox and iso-lated environment), a client-side browser policies for constructing sandbox environment. sandFOX allows the browser exten-sion to express fine-grained OS specific security policies that are enforced at runtime. In particular, our proposed policies provide the protection to OS resources (e.g., host file system, network and processes) from the browser attacks. We use Security-Enhanced Linux (SELinux) to tune OS and build a sandbox that helps in reducing potential damage from at-tacks on the OS resources. To show the practicality of sand-FOX in a range of settings, we compute the effectiveness of sandFOX for various browser attacks on OS resources. We also show that sandFOX enabled browser experiences low overhead on loading pages and utilizes negligible memory when running with sandbox environment.
Please use this identifier to cite or link to this item: