Abstract
Privilege separation is a fundamental security concept that has been used in designing many secure systems. A number of recent works propose re-designing web browsers with greater privilege separation for better security. In practice, however, privilege-separated designs require a fine balance between security benefits and other competing concerns, such as performance. In fact, performance overhead has been a main cause that prevents many privilege separation proposals from being adopted in real systems. In this paper, we develop a new measurement-driven methodology that quantifies security benefits and performance costs for a given privilege-separated browser design. Our measurements on a large corpus of web sites provide key insights on the security and performance implications of partitioning dimensions proposed in 9 recent browser designs. Our results also provide empirical guidelines to resolve several design decisions being debated in recent browser re-design efforts. © 2013 Springer-Verlag.
Author supplied keywords
Cite
CITATION STYLE
Dong, X., Hu, H., Saxena, P., & Liang, Z. (2013). A quantitative evaluation of privilege separation in web browser designs. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8134 LNCS, pp. 75–93). https://doi.org/10.1007/978-3-642-40203-6_5
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
