CodeX: Contextual Flow Tracking for Browser Extensions
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Theoretical Computer Science, TCS. Chalmers University of Technology, Gothenburg, Sweden; University of Gothenburg, Gothenburg, Sweden. ORCID iD: 0000-0001-5365-0662
LMU Munich, Munich, Germany. ORCID iD: 0009-0003-8823-0029
Chalmers University of Technology, Gothenburg, Sweden; University of Gothenburg, Gothenburg, Sweden; Mälardalen University, Västerås, Sweden. ORCID iD: 0000-0002-6621-8390
LMU Munich, Munich, Germany. ORCID iD: 0000-0002-8594-7839
2025 (English). In: Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy, CODASPY 2025, Association for Computing Machinery (ACM), 2025. Conference paper, Published paper (Refereed)
Abstract [en]

Browser extensions put millions of users at risk when misusing their elevated privileges. Despite the current practices of semi-automated code vetting, privacy-violating extensions still thrive in the official stores. We propose an approach for tracking contextual flows from browser-specific sensitive sources like cookies, browsing history, bookmarks, and search terms to suspicious network sinks through network requests. We demonstrate the effectiveness of the approach by a prototype called CodeX that leverages the power of CodeQL while breaking away from the conservativeness of bug-finding flavors of the traditional CodeQL taint analysis. Applying CodeX to the extensions published on the Chrome Web Store between March 2021 and March 2024 identified 1,588 extensions with risky flows. Manual verification of 339 of those extensions resulted in flagging 212 as privacy-violating, impacting up to 3.6M users.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2025.
Identifiers
URN: urn:nbn:se:kth:diva-364834
DOI: 10.1145/3714393.3726495
ISI: 001527521500003
Scopus ID: 2-s2.0-105011342229
OAI: oai:DiVA.org:kth-364834
DiVA, id: diva2:1970337
Conference
Fifteenth ACM Conference on Data and Application Security and Privacy, CODASPY 2025, Pittsburgh, PA, USA, June 4-6, 2025
Note

QC 20250616

Available from: 2025-06-16. Created: 2025-06-16. Last updated: 2025-12-08. Bibliographically approved.

Open Access in DiVA

codex-2025 (635 kB), 87 downloads
File information
File: FULLTEXT01.pdf. File size: 635 kB. Checksum SHA-512:
e22908adf546ae3357ef201fe235d03be79ccad62966f88fd49d14701dc3870560339fa375c136b1528c22bc0cbd99d256388dc3a43915748be5c1d4843453d3
Type: fulltext. Mimetype: application/pdf

By author/editor
Ahmadpanah, Mohammad M.; Gobbi, Matías F.; Hedin, Daniel; Kinder, Johannes; Sabelfeld, Andrei