Team for Research in
Ubiquitous Secure Technology

App Isolation: Get the Security of Multiple Browsers with Just One
Eric Chen, Jason Bau, Charles Reis, Adam Barth

Citation
Eric Chen, Jason Bau, Charles Reis, Adam Barth. "App Isolation: Get the Security of Multiple Browsers with Just One". Proc. of the 18th ACM Conference on Computer and Communications Security (CCS 2011), ACM, 2011.

Abstract
Many browser-based attacks can be prevented by using separate browsers for separate web sites. However, most users access the web with only one browser. We explain the security benefits that using multiple browsers provides in terms of two concepts: entry-point restriction and state isolation. We combine these concepts into a general app isolation mechanism that can provide the same security benefits in a single browser. While not appropriate for all types of web sites, many sites with high-value user data can opt in to app isolation to gain defenses against a wide variety of browser-based attacks. We implement app isolation in the Chromium browser and verify its security properties using finite-state model checking. We also measure the performance overhead of app isolation and conduct a large-scale study to evaluate its adoption complexity for various types of sites, demonstrating how the app isolation mechanisms are suitable for protecting a number of high-value Web applications, such as online banking.

Citation formats  
  • HTML
    Eric Chen, Jason Bau, Charles Reis, Adam Barth. <a
    href="http://www.truststc.org/pubs/839.html"
    >App Isolation: Get the Security of Multiple Browsers
    with Just One</a>, Proc. of the 18th ACM Conference on
    Computer and Communications Security (CCS 2011), ACM, 2011.
  • Plain text
    Eric Chen, Jason Bau, Charles Reis, Adam Barth. "App
    Isolation: Get the Security of Multiple Browsers with Just
    One". Proc. of the 18th ACM Conference on Computer and
    Communications Security (CCS 2011), ACM, 2011.
  • BibTeX
    @inproceedings{ChenBauReisBarth11_AppIsolationGetSecurityOfMultipleBrowsersWithJustOne,
        author = {Eric Chen and Jason Bau and Charles Reis and Adam
                  Barth},
        title = {App Isolation: Get the Security of Multiple
                  Browsers with Just One},
        booktitle = {Proc. of the 18th ACM Conference on Computer and
                  Communications Security (CCS 2011)},
        organization = {ACM},
        year = {2011},
        abstract = {Many browser-based attacks can be prevented by
                  using separate browsers for separate web sites.
                  However, most users access the web with only one
                  browser. We explain the security benefits that
                  using multiple browsers provides in terms of two
                  concepts: entry-point restriction and state
                  isolation. We combine these concepts into a
                  general app isolation mechanism that can provide
                  the same security benets in a single browser.
                  While not appropriate for all types of web sites,
                  many sites with high-value user data can opt in to
                  app isolation to gain defenses against a wide
                  variety of browser-based attacks. We implement app
                  isolation in the Chromium browser and verify its
                  security properties using finite-state model
                  checking. We also measure the performance overhead
                  of app isolation and conduct a large-scale study
                  to evaluate its adoption complexity for various
                  types of sites, demonstrating how the app
                  isolation mechanisms are suitable for protecting a
                  number of high-value Web applications, such as
                  online banking.},
        URL = {http://www.truststc.org/pubs/839.html}
    }
    

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.