WEKO3
Item
Understanding the Inconsistencies in the Permissions Mechanism of Web Browsers
https://ipsj.ixsq.nii.ac.jp/records/227717
Name / File | License | Action |
---|---|---|
Available for download from September 15, 2025. | Copyright (c) 2023 by the Information Processing Society of Japan | |
Non-member: ¥0, IPSJ: Society member: ¥0, Journal: Member: ¥0, DLIB: Member: ¥0 |
Item type | Journal(1) |
---|---|
Publication date | 2023-09-15 |
Title | Understanding the Inconsistencies in the Permissions Mechanism of Web Browsers |
Title language | en |
Language | eng |
Keywords (subject scheme) | Other |
Keywords (subject) | [Special Issue: Computer Security Technologies for Making Cyberspace Safe] Web, Browser, Permission, Privacy |
Resource type identifier | http://purl.org/coar/resource_type/c_6501 |
Resource type | journal article |
Author affiliation | Waseda University |
Author affiliation | NTT Social Informatics Laboratories |
Author affiliation | NTT Social Informatics Laboratories |
Author affiliation | NTT Social Informatics Laboratories |
Author affiliation | Waseda University / National Institute of Information and Communications Technology / RIKEN Center for Advanced Intelligence Project |
Authors | Kazuki, Nomoto; Takuya, Watanabe; Eitaro, Shioji; Mitsuaki, Akiyama; Tatsuya, Mori |
Abstract (description type) | Other |
Abstract | Modern Web services provide advanced features by utilizing hardware resources on the user's device. Web browsers implement a user consent-based permission model to protect user privacy. In this study, we developed Permium, a web browser analysis framework that automatically analyzes the behavior of permission mechanisms implemented by various browsers. We systematically studied the behavior of permission mechanisms for 22 major browser implementations running on five different operating systems. We found fragmented implementations. Implementations between browsers running on different operating systems are not always identical. We determined that implementation inconsistencies could lead to privacy risks. We identified gaps between browser permission implementations and user perceptions from the user study corresponding to the analyses using Permium. Based on the implementation inconsistencies, we developed two proof-of-concept attacks and evaluated their feasibility. The first attack uses permission information to secretly track the user. The second attack aims to create a situation in which the user cannot correctly determine the origin of the permission request and the user mistakenly grants permission. Finally, we clarify the technical issues that must be standardized in privacy mechanisms and provide recommendations to OS/browser vendors to mitigate the threats identified in this study. ------------------------------ This is a preprint of an article intended for publication Journal of Information Processing(JIP). This preprint should not be cited. This article should be cited as: Journal of Information Processing Vol.31(2023) (online) DOI http://dx.doi.org/10.2197/ipsjjip.31.620 ------------------------------ |
Bibliographic record ID: source identifier type | NCID |
Bibliographic record ID: source identifier | AN00116647 |
Bibliographic information | IPSJ Journal (情報処理学会論文誌), Vol. 64, No. 9, issue date 2023-09-15 |
ISSN: source identifier type | ISSN |
ISSN: source identifier | 1882-7764 |
Publisher language | ja |
Publisher | Information Processing Society of Japan (情報処理学会) |