International Journal of Advances in Computer Networks and Its Security

Review of Man-in-the-Browser Attack using Security Attack Scenarios



A web browser is an important component of every computer system, as it provides the interface to the Internet. Browsers give web users access to online services such as e-mail, banking and shopping. New, unforeseen functionality may be added to web browsers in the form of extensions. Extensions have access to sensitive browser APIs and to untrusted web page content, which may result in browser attacks such as the Man-in-the-Browser attack. The major targets of this attack are customers of Internet banking. This paper makes two major contributions. First, it presents a threat model for the Man-in-the-Browser (MITB) attack. This model identifies the various threats and points of attack used by the MITB attack. The major causes of the MITB attack are malicious extensions and vulnerabilities found in benign-but-buggy browser extensions. In our study we find that the current browser security model is not secure enough to protect against the MITB attack. Second, this paper presents possible security attack scenarios for the MITB threat model. The aim of adopting a scenario-based approach is to generate possible test cases for the MITB attack and to show how the system will react to these test cases.

