Abstract

Today web browsers have become the de facto platform for Internet
users. This makes browsers the target of a lot of attacks. With the
security considerations from the very beginning, Chrome offers more
protection against exploits via benign-but-buggy extensions.  However,
more and more attacks have been launched via malicious extensions
while there is no effective solution to defeat such malicious
extensions. As user's sensitive information is often the target of
such attacks, in this talk, I will discuss how to proactively defeat
information leakage with our iObfus framework. A proto-type has been
implemented and iObfus works seamlessly with the Chromium
25. Evaluation against malicious extensions shows the effectiveness of
iObfus, while it only introduces trivial overhead to benign
extensions.

Speaker's Bio

Wentao Chang is currently a PhD candidate in Computer Science at
George Mason University. He received his B.S. degree (Hons.) in
Computer Science and Technology from Nanjing University, China in
2006, M.S. degree in Computer Science from George Mason University in
2010. His research interests include web browsing security, malware
analysis and mobile security.