Using a knowledge-based security orchestration tool to reduce the risk of browser compromise

D. Leon, Venkata A. Bhandari, Ananth A. Jillepalli, Frederick T. Sheldon
{"title":"Using a knowledge-based security orchestration tool to reduce the risk of browser compromise","authors":"D. Leon, Venkata A. Bhandari, Ananth A. Jillepalli, Frederick T. Sheldon","doi":"10.1109/SSCI.2016.7849910","DOIUrl":null,"url":null,"abstract":"Today, web browsers are used to access and modify sensitive data and systems including intranets and critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully patched. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations in a diverse browsing ecosystem. However, in our research, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure browsing ecosystem. We analyzed in detail more than a thousand browser security configuration options in three major browsers and found that only 17 had common names with common semantics. In this paper, we describe the results of this in-depth analysis. We also describe a knowledge-based solution, Open Browser GP, that would enable organizations to implement highly-granular secure configurations for their information and operational technology (IT/OT) browsing ecosystem.","PeriodicalId":120288,"journal":{"name":"2016 IEEE Symposium Series on Computational Intelligence (SSCI)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2016-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE Symposium Series on Computational Intelligence (SSCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSCI.2016.7849910","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8

Abstract

Today, web browsers are used to access and modify sensitive data and systems including intranets and critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully patched. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations in a diverse browsing ecosystem. However, in our research, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure browsing ecosystem. We analyzed in detail more than a thousand browser security configuration options in three major browsers and found that only 17 had common names with common semantics. In this paper, we describe the results of this in-depth analysis. We also describe a knowledge-based solution, Open Browser GP, that would enable organizations to implement highly-granular secure configurations for their information and operational technology (IT/OT) browsing ecosystem.
使用基于知识的安全编排工具来降低浏览器泄露的风险
今天,web浏览器被用来访问和修改敏感数据和系统,包括内部网和关键控制系统。由于其计算能力和网络连接性,浏览器容易受到几种类型的攻击,即使完全打了补丁。浏览器也是网络钓鱼攻击的主要目标。许多浏览器攻击,包括网络钓鱼,可以通过在不同的浏览生态系统中使用特定于站点、用户和设备的安全配置来防止或减轻。然而,在我们的研究中,我们发现所有主流浏览器都公开不同的安全配置过程、选项名称、值和语义。这导致了一个极其难以保护的浏览生态系统。我们详细分析了三种主要浏览器中的一千多个浏览器安全配置选项,发现只有17个具有具有共同语义的通用名称。在本文中,我们描述了这一深入分析的结果。我们还描述了一个基于知识的解决方案,Open Browser GP,它将使组织能够为其信息和操作技术(IT/OT)浏览生态系统实现高粒度的安全配置。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信