Annual Computer Security Applications Conference (ACSAC) 2013

Full Program »

Auto-FBI: A User-friendly Approach for Secure Access to Sensitive Content on the Web

We propose a novel and simple approach for securing access to sensitive content on the web. The approach automates the best manual compartmentalization practices for accessing different kinds of content with different browser instances. The automation is transparent to the user and does not require any modification of how non-sensitive content is accessed. For sensitive content, a Fresh Browser Instance (FBI) is automatically created to access the content. Our prototype system \texttt{Auto-FBI} can provide support for novice users with predefined sensitive content sites as well as to more experienced users who can define conflict of interest (COI) classes which allows content from sites in the same user-defined class to coexist in a browser instance. Our initial performance evaluation of our prototype shows that the overhead introduced by the approach is acceptable (less than 160 ms for sites that already have fast load time, but for slow sites the overhead can be as high as 750 ms).

Author(s):

Mohsen Zohrevandi    
Arizona State University
United States

Rida A. Bazzi    
Arizona State University
United States

 

Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC