Team for Research in
Ubiquitous Secure Technology

Citation
Eric Chen, Jason Bau, Charles Reis, Adam Barth. "App Isolation: Get the Security of Multiple Browsers with Just One". Proc. of the 18th ACM Conference on Computer and Communications Security (CCS 2011), ACM, 2011.

Abstract
Many browser-based attacks can be prevented by using separate browsers for separate web sites. However, most users access the web with only one browser. We explain the security benefits that using multiple browsers provides in terms of two concepts: entry-point restriction and state isolation. We combine these concepts into a general app isolation mechanism that can provide the same security benets in a single browser. While not appropriate for all types of web sites, many sites with high-value user data can opt in to app isolation to gain defenses against a wide variety of browser-based attacks. We implement app isolation in the Chromium browser and verify its security properties using nite-state model checking. We also measure the performance overhead of app isolation and conduct a large-scale study to evaluate its adoption complexity for various types of sites, demon- strating how the app isolation mechanisms are suitable for protecting a number of high-value Web applications, such as online banking. -

Electronic downloads

• http://dl.acm.org/citation.cfm?doid=2046707.2046734

• HTML

  Eric Chen, Jason Bau, Charles Reis, Adam Barth. <a
  href="http://www.truststc.org/pubs/839.html"
  >App Isolation: Get the Security of Multiple Browsers
  with Just One</a>, Proc. of the 18th ACM Conference on
  Computer and Communications Security (CCS 2011), ACM, 2011.

• Plain text

  Eric Chen, Jason Bau, Charles Reis, Adam Barth. "App
  Isolation: Get the Security of Multiple Browsers with Just
  One". Proc. of the 18th ACM Conference on Computer and
  Communications Security (CCS 2011), ACM, 2011.

• BibTeX

  @inproceedings{ChenBauReisBarth11_AppIsolationGetSecurityOfMultipleBrowsersWithJustOne,
      author = {Eric Chen and Jason Bau and Charles Reis and Adam
                Barth},
      title = {App Isolation: Get the Security of Multiple
                Browsers with Just One},
      booktitle = {Proc. of the 18th ACM Conference on Computer and
                Communications Security (CCS 2011)},
      organization = {ACM},
      year = {2011},
      abstract = {Many browser-based attacks can be prevented by
                using separate browsers for separate web sites.
                However, most users access the web with only one
                browser. We explain the security benefits that
                using multiple browsers provides in terms of two
                concepts: entry-point restriction and state
                isolation. We combine these concepts into a
                general app isolation mechanism that can provide
                the same security benets in a single browser.
                While not appropriate for all types of web sites,
                many sites with high-value user data can opt in to
                app isolation to gain defenses against a wide
                variety of browser-based attacks. We implement app
                isolation in the Chromium browser and verify its
                security properties using nite-state model
                checking. We also measure the performance overhead
                of app isolation and conduct a large-scale study
                to evaluate its adoption complexity for various
                types of sites, demon- strating how the app
                isolation mechanisms are suitable for protecting a
                number of high-value Web applications, such as
                online banking. -},
      URL = {http://www.truststc.org/pubs/839.html}
  }
  

Posted by Mary Stewart on 4 Apr 2012.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.