• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Analysis of Web Browser Security Configuration Options


Abstract

For ease of use and access, web browsers are now being used to access and modify sensitive data and systems including critical control systems. Due to their computational capabilities and network connectivity, browsers are vulnerable to several types of attacks, even when fully updated. Browsers are also the main target of phishing attacks. Many browser attacks, including phishing, could be prevented or mitigated by using site-, user-, and device-specific security configurations. However, we discovered that all major browsers expose disparate security configuration procedures, option names, values, and semantics. This results in an extremely hard to secure web browsing ecosystem. We analyzed more than a 1000 browser security configuration options in three major browsers and found that only 13 configuration options had syntactic and semantic similarity, while 4 configuration options had semantic similarity, but not syntactic similarity. We: a) describe the results of our in-depth analysis of browser security configuration options; b) demonstrate the complexity of policy-based configuration of web browsers; c) describe a knowledge-based solution that would enable organizations to implement highly-granular and policy-level secure configurations for their information and operational technology browsing infrastructures at the enterprise scale; and d) argue for necessity of developing a common language and semantics for web browser configurations.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
A. A. Jillepalli, D. C. d. Leon, S. Steiner, J. Alves-Foss, "Analysis of Web Browser Security Configuration Options," KSII Transactions on Internet and Information Systems, vol. 12, no. 12, pp. 6139-6160, 2018. DOI: 10.3837/tiis.2018.12.028.

[ACM Style]
Ananth A. Jillepalli, Daniel Conte de Leon, Stuart Steiner, and Jim Alves-Foss. 2018. Analysis of Web Browser Security Configuration Options. KSII Transactions on Internet and Information Systems, 12, 12, (2018), 6139-6160. DOI: 10.3837/tiis.2018.12.028.

[BibTeX Style]
@article{tiis:21963, title="Analysis of Web Browser Security Configuration Options", author="Ananth A. Jillepalli and Daniel Conte de Leon and Stuart Steiner and Jim Alves-Foss and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2018.12.028}, volume={12}, number={12}, year="2018", month={December}, pages={6139-6160}}