{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T04:52:14Z","timestamp":1755838334443},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642392344"},{"type":"electronic","value":"9783642392351"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-39235-1_7","type":"book-chapter","created":{"date-parts":[[2013,7,13]],"date-time":"2013-07-13T04:07:36Z","timestamp":1373688456000},"page":"122-138","source":"Crossref","is-referenced-by-count":10,"title":["Securing Legacy Firefox Extensions with SENTINEL"],"prefix":"10.1007","author":[{"given":"Kaan","family":"Onarlioglu","sequence":"first","affiliation":[]},{"given":"Mustafa","family":"Battal","sequence":"additional","affiliation":[]},{"given":"William","family":"Robertson","sequence":"additional","affiliation":[]},{"given":"Engin","family":"Kirda","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"Add-ons for Firefox: About Startup, \n                    \n                      https:\/\/addons.mozilla.org\/en-us\/firefox\/addon\/about-startup\/"},{"key":"7_CR2","volume-title":"Proceedings of the USENIX Security Symposium","author":"S. Bandhakavi","year":"2010","unstructured":"Bandhakavi, S., King, S.T., Madhusudan, P., Winslett, M.: VEX: Vetting Browser Extensions for Security Vulnerabilities. In: Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley (2010)"},{"key":"7_CR3","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1145\/1995376.1995398","volume":"54","author":"S. Bandhakavi","year":"2011","unstructured":"Bandhakavi, S., Tiku, N., Pittman, W., King, S.T., Madhusudan, P., Winslett, M.: Vetting Browser Extensions for Security Vulnerabilities with VEX. Communications of the ACM\u00a054, 91\u201399 (2011)","journal-title":"Communications of the ACM"},{"key":"7_CR4","unstructured":"Barth, A., Felt, A.P., Saxena, P., Boodman, A.: Protecting Browsers from Extension Vulnerabilities. In: Proceedings of the Network and Distributed Systems Security Symposium (2010)"},{"key":"7_CR5","volume-title":"Proceedings of the USENIX Security Symposium","author":"N. Carlini","year":"2012","unstructured":"Carlini, N., Felt, A.P., Wagner, D.: An Evaluation of the Google Chrome Extension Security Architecture. In: Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley (2012)"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Dhawan, M., Ganapathy, V.: Analyzing Information Flow in JavaScript-Based Browser Extensions. In: Proceedings of the Annual Computer Security Applications Conference, pp. 382\u2013391 (2009)","DOI":"10.1109\/ACSAC.2009.43"},{"key":"7_CR7","volume-title":"Proceedings of the USENIX Security Symposium","author":"V. Djeric","year":"2010","unstructured":"Djeric, V., Goel, A.: Securing Script-Based Extensibility in Web Browsers. In: Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley (2010)"},{"key":"7_CR8","unstructured":"Freeman, N., Liverani, R.S.: Exploiting Cross Context Scripting Vulnerabilities in Firefox (2010), \n                    \n                      http:\/\/www.security-assessment.com\/files\/whitepapers\/Exploiting_Cross_Context_Scripting_vulnerabilities_in_Firefox.pdf"},{"key":"7_CR9","volume-title":"Proceedings of the USENIX Security Symposium","author":"I. Goldberg","year":"1996","unstructured":"Goldberg, I., Wagner, D., Thomas, R., Brewer, E.A.: A Secure Environment for Untrusted Helper Applications Confining the Wily Hacker. In: Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley (1996)"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Grier, C., Tang, S., King, S.T.: Secure Web Browsing with the OP Web Browser. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 402\u2013416. IEEE Computer Society (2008)","DOI":"10.1109\/SP.2008.19"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Guha, A., Fredrikson, M., Livshits, B., Swamy, N.: Verified Security for Browser Extensions. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 115\u2013130. IEEE Computer Society (2011)","DOI":"10.1109\/SP.2011.36"},{"key":"7_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"333","DOI":"10.1007\/978-3-642-31057-7_16","volume-title":"ECOOP 2012 \u2013 Object-Oriented Programming","author":"R. Karim","year":"2012","unstructured":"Karim, R., Dhawan, M., Ganapathy, V., Shan, C.-C.: An Analysis of the Mozilla Jetpack Extension Framework. In: Noble, J. (ed.) ECOOP 2012. LNCS, vol.\u00a07313, pp. 333\u2013355. Springer, Heidelberg (2012)"},{"key":"7_CR13","volume-title":"Proceedings of the USENIX Security Symposium","author":"E. Kirda","year":"2006","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.A.: Behavior-Based Spyware Detection. In: Proceedings of the USENIX Security Symposium. USENIX Association, Berkeley (2006)"},{"key":"7_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1007\/978-3-540-74320-0_16","volume-title":"Recent Advances in Intrusion Detection","author":"Z. Li","year":"2007","unstructured":"Li, Z., Wang, X., Choi, J.Y.: SpyShield: Preserving Privacy from Spy Add-Ons. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 296\u2013316. Springer, Heidelberg (2007)"},{"key":"7_CR15","unstructured":"Liu, L., Zhang, X., Yan, G., Chen, S.: Chrome Extensions: Threat Analysis and Countermeasures. In: Proceedings of the Network and Distributed Systems Security Symposium (2012)"},{"key":"7_CR16","unstructured":"Liverani, R.S.: Cross Context Scripting with Firefox (2010), \n                    \n                      http:\/\/www.security-assessment.com\/files\/whitepapers\/Cross_Context_Scripting_with_Firefox.pdf"},{"key":"7_CR17","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1145\/359205.359226","volume":"44","author":"D.M. Martin Jr.","year":"2001","unstructured":"Martin Jr., D.M., Smith, R.M., Brittain, M., Fetch, I., Wu, H.: The Privacy Practices of Web Browser Extensions. Communications of the ACM\u00a044, 45\u201350 (2001)","journal-title":"Communications of the ACM"},{"key":"7_CR18","unstructured":"Mozilla Developer Network: JavaScript code modules, \n                    \n                      https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/JavaScript_code_modules"},{"key":"7_CR19","unstructured":"Mozilla Developer Network: Proxy, \n                    \n                      https:\/\/developer.mozilla.org\/en-US\/docs\/JavaScript\/Reference\/Global_Objects\/Proxy"},{"key":"7_CR20","unstructured":"Mozilla Developer Network: XPCOM, \n                    \n                      https:\/\/developer.mozilla.org\/en-US\/docs\/XPCOM"},{"key":"7_CR21","unstructured":"Mozilla\u00a0Wiki: Jetpack, \n                    \n                      https:\/\/wiki.mozilla.org\/Jetpack"},{"key":"7_CR22","unstructured":"SeleniumHQ: Selenium \u2013 Web Browser Automation, \n                    \n                      http:\/\/seleniumhq.org\/"},{"key":"7_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-73614-1_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M. Ter Louw","year":"2007","unstructured":"Ter Louw, M., Lim, J.S., Venkatakrishnan, V.N.: Extensible Web Browser Security. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol.\u00a04579, pp. 1\u201319. Springer, Heidelberg (2007)"},{"key":"7_CR24","doi-asserted-by":"publisher","first-page":"179","DOI":"10.1007\/s11416-007-0078-5","volume":"4","author":"M. Louw Ter","year":"2008","unstructured":"Ter Louw, M., Lim, J.S., Venkatakrishnan, V.N.: Enhancing Web Browser Security against Malware Extensions. Journal in Computer Virology\u00a04, 179\u2013195 (2008)","journal-title":"Journal in Computer Virology"},{"key":"7_CR25","first-page":"417","volume-title":"Proceedings of the USENIX Security Symposium","author":"H.J. Wang","year":"2009","unstructured":"Wang, H.J., Grier, C., Moshchuk, A., King, S.T., Choudhury, P., Venter, H.: The Multi-Principal OS Construction of the Gazelle Web Browser. In: Proceedings of the USENIX Security Symposium, pp. 417\u2013432. USENIX Association, Berkeley (2009)"},{"key":"7_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"188","DOI":"10.1007\/978-3-642-33383-5_12","volume-title":"Information Security","author":"J. Wang","year":"2012","unstructured":"Wang, J., Li, X., Liu, X., Dong, X., Wang, J., Liang, Z., Feng, Z.: An Empirical Study of Dangerous Behaviors in Firefox Extensions. In: Gollmann, D., Freiling, F.C. (eds.) ISC 2012. LNCS, vol.\u00a07483, pp. 188\u2013203. Springer, Heidelberg (2012)"},{"key":"7_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"158","DOI":"10.1007\/978-3-642-29101-2_11","volume-title":"Information Security Practice and Experience","author":"L. Wang","year":"2012","unstructured":"Wang, L., Xiang, J., Jing, J., Zhang, L.: Towards Fine-Grained Access Control on Browser Extensions. In: Ryan, M.D., Smyth, B., Wang, G. (eds.) ISPEC 2012. LNCS, vol.\u00a07232, pp. 158\u2013169. Springer, Heidelberg (2012)"},{"key":"7_CR28","doi-asserted-by":"crossref","unstructured":"Yee, B., Sehr, D., Dardyk, G., Chen, J., Muth, R., Ormandy, T., Okasaka, S., Narula, N., Fullagar, N.: Native Client: A Sandbox for Portable, Untrusted x86 Native Code. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 79\u201393. IEEE Computer Society (2009)","DOI":"10.1109\/SP.2009.25"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-39235-1_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,15]],"date-time":"2019-05-15T19:37:31Z","timestamp":1557949051000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-39235-1_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642392344","9783642392351"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-39235-1_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}