Identifying Private Data Leakage Threats in Web Browsers

Open Access
Zhao, Bin
Graduate Program:
Information Sciences and Technology
Doctor of Philosophy
Document Type:
Date of Defense:
June 19, 2015
Committee Members:
  • Peng Liu, Dissertation Advisor
  • Peng Liu, Committee Chair
  • Sencun Zhu, Committee Member
  • Anna Cinzia Squicciarini, Committee Member
  • George Kesidis, Committee Member
  • Carleen Frances Maitland, Special Member
  • Browse extensions
  • dynamic analysis
  • system calls
  • private browsing mode
  • privacy breaches
  • Android applications
Modern web browsers now provide more customizations to improve the usability and their competitiveness. Browser extensions and private browsing mode (PBM) are arguably two most popular customizations. With billions of downloads, browser extensions enhance user experience by providing additional features. PBM enables users to browse the Internet while protecting their private browsing data. However, private data leakage threats still exist in browser extensions, even if under PBM. In this dissertation, we first investigate two aspects of private data leakage threats associated with browser extensions: (1), aspect-level behavior clustering on browser extensions and its security implications, and (2), identifying privacy breaches caused by extensions under PBM. First, many extensions can be downloaded from webstores without sufficient trust or safety scrutiny, which poses threats on user's private data. In this dissertation, we propose an aspect-level behavior clustering approach to enhancing the safety management of extensions. We decompose an extension's runtime behavior into several pieces, denoted as AEBs (Aspects of Extension Behavior). Similar AEBs of different extensions are grouped into an "AEB cluster" based on subgraph isomorphism. We then build profiles of AEB clusters for both extensions and categories (of extensions) to detect suspicious extensions. Second, browser extensions can greatly undermine PBM, mostly due to the fact that browsers let extensions handle the private data themselves even if under PBM. We propose an approach to comprehensively identify and stop privacy breaches caused by browser extensions under PBM. We combine dynamic analysis and symbolic execution to represent extensions' behavior. Our analysis shows that many extensions have not fulfilled PBM's guidelines on handling private browsing data. The evaluation results on 1,912 Firefox extensions show that our approach can effectively identify and stop privacy breaches under PBM caused by extensions, with almost negligible performance impact. Finally, we extend system-level behavior analysis on Android platform. We intend to map system level behavior with Android APIs, for further study to detect possible permission abusing.