A quantitative evaluation of privilege separation in web browser designs

Xinshu Dong, Hong Hu, Prateek Saxena, Zhenkai Liang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations

Abstract

Privilege separation is a fundamental security concept that has been used in designing many secure systems. A number of recent works propose re-designing web browsers with greater privilege separation for better security. In practice, however, privilege-separated designs require a fine balance between security benefits and other competing concerns, such as performance. In fact, performance overhead has been a main cause that prevents many privilege separation proposals from being adopted in real systems. In this paper, we develop a new measurement-driven methodology that quantifies security benefits and performance costs for a given privilege-separated browser design. Our measurements on a large corpus of web sites provide key insights on the security and performance implications of partitioning dimensions proposed in 9 recent browser designs. Our results also provide empirical guidelines to resolve several design decisions being debated in recent browser re-design efforts.

Original languageEnglish (US)
Title of host publicationComputer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings
Pages75-93
Number of pages19
DOIs
StatePublished - 2013
Event18th European Symposium on Research in Computer Security, ESORICS 2013 - Egham, United Kingdom
Duration: Sep 9 2013Sep 13 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8134 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other18th European Symposium on Research in Computer Security, ESORICS 2013
Country/TerritoryUnited Kingdom
CityEgham
Period9/9/139/13/13

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint

Dive into the research topics of 'A quantitative evaluation of privilege separation in web browser designs'. Together they form a unique fingerprint.

Cite this