Publication Type : Journal Article
Thematic Areas : TIFAC-CORE in Cyber Security
Publisher : Advances in Intelligent Systems and Computing
Source : Advances in Intelligent Systems and Computing, Springer Verlag, Volume 516, p.169-178 (2017)
ISBN : 9789811031557
Campus : Coimbatore
School : School of Engineering
Center : TIFAC CORE in Cyber Security
Department : Computer Science, cyber Security
Verified : No
Year : 2017
Abstract : Chrome browser extensions have become very popular among the users of Google Chrome and hence they are used by attackers to perform malicious activities which lead to loss of user’s sensitive data or damage to the user’s system. In this study, we have done an analysis on the security of the Chrome extension development APIs. We have used the STRIDE approach to identify the possible threats of the Chrome specific APIs which are used for extension development. The analysis results show that 23 out of the 63 Chrome specific APIs are having various threats as per the STRIDE approach. Information disclosure is the threat faced by many APIs followed by tampering. This threat analysis result can be used as reference for a tool which can detect whether the extension is malicious or not by deeply analysing the ways in which the APIs having threats are used in the extension code. © Springer Nature Singapore Pte Ltd. 2017.
Cite this Research Publication : P. K. Akshay Dev and Jevitha, K. P., “Stride based analysis of the chrome browser extensions API”, Advances in Intelligent Systems and Computing, vol. 516, pp. 169-178, 2017.