| 摘要(英) |
Recently, due to the advanced technology developed on the Internet, the Web browser has become one of the essential applications. A Web browser is not only used to surf on the internet, but also plays an important role as a portable operating system. For example, many users edit documents via an on-line editor and store the documents in an on-line storage. All those tasks are done with the help of a Web browser. This results in a large number of attacks on Web browsers. Therefore, the security of Web browsers has become a more and more important issue in recent years.
Through attacking Web browsers, the attackers may get our private information such as surfing habits and passwords. This is because that Web browsers always leave cookies, browsing history, and caches on the computer. To avoid malicious attacks, many Web browsers have developed the mechanism of private browsing mode. In the private browsing mode, a user’s behavior is not traced and his private information is not left either. However, the mechanism still creates files such as bookmarks. Most important of all, the files downloaded through a Web browser are saved on the disk unless the user deletes them himself. This is really a serious threat to the private security of Web users.
We design a mechanism on Windows XP to observe the behavior of creating and deleting files of Firefox in private browsing mode. Then we focus on the files which are not removed, and clear them by our mechanism. We hope that via our mechanism, the Web browsers can provide a comprehensively secure environment.
|
| 參考文獻 |
[1] IBM. (2011). 2011 Mid-year Trend and Risk Report. http://www-935.ibm.com/services/us/iss/xforce/trendreports/
[2] E. W. Felten, and M. A. Schneider, "Timing attacks on web privacy," ACM Conference on Computer and Communications Security, issue pp. 25-32, 2000.
[3] StatCounter. (2011). Top 5 Browsers. http://gs.statcounter.com/
[4] Microsoft. What is InPrivate Browsing? http://windows.microsoft.com/en-us/windows-vista/what-is-inprivate-browsing
[5] Google Chrome. Incognito mode. http://support.google.com/chrome/bin/answer.py?hl=zh-Hant&answer=95464
[6] Mozilla Firefox. Private Browsing - Browse the web without saving information about the sites you visit. http://support.mozilla.org/en-US/kb/private-browsing-browse-web-without-saving-info
[7] Qualys Security Labs. MS11-077: From Patch to Proof-of-Concept. https://community.qualys.com/blogs/securitylabs/tags/win32k.sys
[8] Microsoft. Using Nt and Zw Versions of the Native System Services Routines. http://msdn.microsoft.com/en-us/library/windows/hardware/ff565438(v=vs.85).aspx
[9] Umesh Shankar, and Chris Karlof, "Doppelganger: Better browser privacy without the bother," in Proceedings of the 13th ACM conference on Computer and communications security, Alexandria, Virginia, USA, 2006.
[10] Adam Barth, Adrienne Porter Felt, Prateek Saxena, and Aaron Boodman, "Protecting Browsers from Extension Vulnerabilities," in Proceedings of the 17th Network and Distributed System Security Symposium (NDSS), 2010.
[11] Felipe Saint-Jean, Aaron Johnson, Dan Boneh, and Joan Feigenbaum, "Private web search," in Proceedings of the 2007 ACM workshop on Privacy in electronic society, Alexandria, Virginia, USA, 2007.
[12] TotalRecal on Firefox. https://addons.mozilla.org/en-US/firefox/addon/totalrecall/
[13] Torbutton 1.4.1. https://blog.torproject.org/blog/torbutton-141-released
[14] Wang Jiang, Huang Yih, and A. Ghosh, "SafeFox: A Safe Lightweight Virtual Browsing Environment," in System Sciences (HICSS), 2010 43rd Hawaii International Conference on, 5-8 Jan. 2010,2010.
[15] Li Dongsheng, Lv Qin, Xia Huanhuan, Shang Li, Lu Tun, and Gu Ning, "Pistis: A Privacy-Preserving Content Recommender System for Online Social Communities,"
in Web Intelligence and Intelligent Agent Technology (WI-IAT), 2011 IEEE/WIC/ACM International Conference on, 22-27 Aug. 2011,2011.
[16] Pereira, and Murilo Tito, "Forensic analysis of the Firefox 3 Internet history and recovery of deleted SQLite records," Digital Investigation, vol. 5,issue 3-4, pp. 93-103, 2009.
[17] Suman Jana, and Vitaly Shmatikov, "Memento: Learning Secrets from Process Footprints," in Security and Privacy (SP), 2012 IEEE Symposium on, 20-23 May,2012.
[18] Gaurav Aggarwal, Elie Bursztein, Collin Jackson, and Dan Boneh, "An analysis of private browsing modes in modern browsers," in Proceedings of the 19th USENIX conference on Security, Washington, DC, 2010.
[19] Understanding the Import Address Table. http://sandsprite.com/CodeStuff/Understanding_imports.html
[20] Microsoft. Download and Install Debugging Tools for Windows. http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx
[21] Microsoft. NtCreateFile routine http://msdn.microsoft.com/en-us/library/windows/hardware/ff566424(v=vs.85).aspx
[22] Microsoft. NtCreateFile function. http://msdn.microsoft.com/en-us/library/bb432380(v=vs.85).aspx
[23] 11.6.1 Zone.Identifier Stream Name. http://msdn.microsoft.com/en-us/library/ff469212%28PROT.10%29.aspx
[24] 強制刪除文件. http://blog.csdn.net/beijixing2003/article/details/2535069
[25] Microsoft. Detours. http://research.microsoft.com/en-us/projects/detours/
[26] The top 500 sites on the web. http://www.alexa.com/topsites
[27] w3shools.com. HTML5 Web Storage. http://www.w3schools.com/html5/html5_webstorage.asp
[28] Alexa. Top Sites. http://www.alexa.com/topsites[1] IBM. (2011). 2011 Mid-year Trend and Risk Report. http://www-935.ibm.com/services/us/iss/xforce/trendreports/
|
[Endnote RIS 格式]
[相關文章]
[文章引用]
[完整記錄]
[館藏目錄]
至系統瀏覽論文 ( 永不開放)
plurk
funp
live
udn
HD
myshare
netvibes
friend
youpush
delicious
baidu
Google bookmarks
del.icio.us
hemidemi
facebook
twitter
google
reddit