A quantitative evaluation of privilege separation in web browser designs

Xinshu Dong, Hong Hu, Prateek Saxena, Zhenkai Liang

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

    4 Scopus citations

    Abstract

    Privilege separation is a fundamental security concept that has been used in designing many secure systems. A number of recent works propose re-designing web browsers with greater privilege separation for better security. In practice, however, privilege-separated designs require a fine balance between security benefits and other competing concerns, such as performance. In fact, performance overhead has been a main cause that prevents many privilege separation proposals from being adopted in real systems. In this paper, we develop a new measurement-driven methodology that quantifies security benefits and performance costs for a given privilege-separated browser design. Our measurements on a large corpus of web sites provide key insights on the security and performance implications of partitioning dimensions proposed in 9 recent browser designs. Our results also provide empirical guidelines to resolve several design decisions being debated in recent browser re-design efforts.

    Original language: English (US)
    Title of host publication: Computer Security, ESORICS 2013 - 18th European Symposium on Research in Computer Security, Proceedings
    Pages: 75-93
    Number of pages: 19
    State: Published - 2013
    Event: 18th European Symposium on Research in Computer Security, ESORICS 2013 - Egham, United Kingdom
    Duration: Sep 9 2013 to Sep 13 2013

    Publication series

    Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume: 8134 LNCS
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Other

    Other: 18th European Symposium on Research in Computer Security, ESORICS 2013
    Country: United Kingdom
    City: Egham
    Period: 9/9/13 to 9/13/13

    All Science Journal Classification (ASJC) codes

    • Theoretical Computer Science
    • Computer Science (all)
