Settings Protection Add-on: A User-Interactive Browser Extension to Prevent the Exploitation of Preferences
Adam R. Bryant (Advisor), Michelle A. Cheatham (Committee Member), Mateen M. Rizki (Committee Member)
Master of Science (MS)
The abuse of browser preferences is a significant application security issue, despite numerous protections against automated software changing these preferences. Browser hijackers modify user’s desired preferences by injecting malicious software into the browser. Users are not aware of these modifications, and the unwanted changes can annoy the user and circumvent security preferences. Reverting these changes is not easy, and users often have to go through complicated sequences of steps to restore their preferences to the previous values. Tasks to resolve this issue include uninstalling and re-installing the browser, resetting browser preferences, and installing malware removal tools. This thesis describes a solution to this problem by developing a user-interactive browser add-on named “Settings Protection.” This thesis describes the various means of exploiting preferences in the Google Chrome and Mozilla Firefox browsers and discusses preferences that are frequently exploited by browser hijackers. The Settings Protection add-on observes and detects changes in preferences that users may be unaware of. After detecting these unknown changes, the add-on reverts the modified preferences to old values and saves the new changes upon the user’s confirmation. If the user is not expecting these changes in the browser, the add-on discards them. A proof of concept add-on for the Mozilla Firefox browser implements this research and is tested in a real-time environment. Lastly, this thesis evaluates the performance of the Settings Protection add-on using the Mozilla Firefox performance tools.
Department or Program
Department of Computer Science and Engineering
Year Degree Awarded
Copyright 2017, all rights reserved. My ETD will be available under the "Fair Use" terms of copyright law.