Publication Date

2017

Document Type

Thesis

Committee Members

Adam R. Bryant (Advisor), Michelle A. Cheatham (Committee Member), Mateen M. Rizki (Committee Member)

Degree Name

Master of Science (MS)

Abstract

The abuse of browser preferences is a significant application security issue, despite numerous protections against automated software changing these preferences. Browser hijackers modify user’s desired preferences by injecting malicious software into the browser. Users are not aware of these modifications, and the unwanted changes can annoy the user and circumvent security preferences. Reverting these changes is not easy, and users often have to go through complicated sequences of steps to restore their preferences to the previous values. Tasks to resolve this issue include uninstalling and re-installing the browser, resetting browser preferences, and installing malware removal tools. This thesis describes a solution to this problem by developing a user-interactive browser add-on named “Settings Protection.” This thesis describes the various means of exploiting preferences in the Google Chrome and Mozilla Firefox browsers and discusses preferences that are frequently exploited by browser hijackers. The Settings Protection add-on observes and detects changes in preferences that users may be unaware of. After detecting these unknown changes, the add-on reverts the modified preferences to old values and saves the new changes upon the user’s confirmation. If the user is not expecting these changes in the browser, the add-on discards them. A proof of concept add-on for the Mozilla Firefox browser implements this research and is tested in a real-time environment. Lastly, this thesis evaluates the performance of the Settings Protection add-on using the Mozilla Firefox performance tools.

Page Count

85

Department or Program

Department of Computer Science and Engineering

Year Degree Awarded

2017

Download


Share

COinS