DOMtegrity: ensuring web page integrity against malicious browser extensions
- Submitting institution
-
University of Newcastle upon Tyne
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 258049-163219-1292
- Type
- D - Journal article
- DOI
-
10.1007/s10207-019-00442-1
- Title of journal
- International Journal of Information Security
- Article number
- -
- First page
- 801
- Volume
- 18
- Issue
- -
- ISSN
- 1615-5262
- Open access status
- Compliant
- Month of publication
- June
- Year of publication
- 2019
- URL
-
https://doi.org/10.1007/s10207-019-00442-1
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
3
- Research group(s)
-
E - Secure and Resilient Systems
- Citation count
- 1
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This paper proposes a novel idea to ensure web page's source code integrity in presence of a malicious browser extension. The solution, DOMtegrity, does not need modifications to the browser engine, installing third-party software, or use of external hardware tokens for such protection. We conduct extensive experiments on more than 14,000 real-world extensions to evaluate the effectiveness of DOMtegrity and show how DOMtegrity prevents a whole range of man-in-the-browser attacks. After publication of this paper, Mozilla has shown interest in collaboration and potentially the adaptation of the DOMtegrity method into their browser.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -