Privilege separation in browser architectures


dc.contributor.advisor Bugliesi, Michele it_IT
dc.contributor.author Steffinlongo, Enrico <1987> it_IT
dc.date.accessioned 2014-06-08 it_IT
dc.date.accessioned 2014-09-20T08:47:18Z
dc.date.available 2014-09-20T08:47:18Z
dc.date.issued 2014-06-26 it_IT
dc.identifier.uri http://hdl.handle.net/10579/4783
dc.description.abstract In many software systems, such as modern web browsers, the user and his sensitive data often interact with the untrusted outer world. This scenario can pose a serious threat to the user's private data and gives new relevance to an old story in computer science: providing controlled access to untrusted components, while preserving usability and ease of interaction. To address the threats of untrusted components, modern web browsers propose privilege-separated architectures, which isolate components that manage critical tasks and data from components which handle untrusted inputs. The former components are given strong permissions, possibly coinciding with the full set of permissions granted to the user, while the untrusted components are granted only limited privileges, to limit possible malicious behaviours: all the interactions between trusted and untrusted components are handled via message passing. In this thesis we introduce a formal semantics for privilege-separated architectures and we provide a general definition of privilege separation: we discuss how different privilege-separated architectures can be evaluated in our framework, identifying how different security threats can be avoided, mitigated or disregarded. Specifically, we evaluate in detail the existing Google Chrome Extension Architecture in our formal model and we discuss how its design can mitigate serious security risks, with only limited impact on the user experience. it_IT
dc.language.iso en it_IT
dc.publisher Università Ca' Foscari Venezia it_IT
dc.rights © Enrico Steffinlongo, 2014 it_IT
dc.title Privilege separation in browser architectures it_IT
dc.title.alternative it_IT
dc.type Master's Degree Thesis it_IT
dc.degree.name Informatica - computer science it_IT
dc.degree.level Laurea magistrale it_IT
dc.degree.grantor Dipartimento di Scienze Ambientali, Informatica e Statistica it_IT
dc.description.academicyear 2013/2014, sessione estiva it_IT
dc.rights.accessrights openAccess it_IT
dc.thesis.matricno 826043 it_IT
dc.subject.miur INF/01 INFORMATICA it_IT
dc.description.note it_IT
dc.degree.discipline it_IT
dc.contributor.co-advisor it_IT
dc.date.embargoend it_IT
dc.provenance.upload Enrico Steffinlongo (826043@stud.unive.it), 2014-06-08 it_IT
dc.provenance.plagiarycheck Michele Bugliesi (bugliesi@unive.it), 2014-06-24 it_IT

