Design Fine-grained Capability Monitoring System For Browser Security

Various applications based on browser are increasingly popular in the age of Web2.0. To host computer, it is undoubtedly that browser is a very important security access point. Existing problems in the computer and network security field mainly come from the browser program directly or indirectly. Though browser vendors and security software as a third party all do a lot of work, but attack targeted on browser is still widespread. So it is necessary to doing research on the browser security.This parper researchs the current situation of browser security, analyse the behavior of browser program.With the technique mechanism of windows operating system, such as process and thread, memory management, system service, kernel driver, this paper puts forward a fine-grained capability monitoring system for the browser security. This system can improve the host’s security performance by stopping the web browser attacking.The main ideas and achievements of this paper include:1. Research the security problems in current browser field, from the design of browser structure to browser running. Pointing out that the script languages and plugins are the two main sources of security problems. Analyzing various browser bugs and the corresponding attack means. Analyzing the shortcomings of current third party security software in the browser monitoring.2. Based on the concept of capability, paying attention to the fact that different kind of process in a multi-processes browser’s task demands a different capability. With the technique mechanism of windows operating system, putting forward a browser monitoring system, making use of hooking critical system call through the kernel monitoring module, learning and analyzing the process behavior, thus, realizing the monitoring of abnormal behavior in various browser processes.3. Paying attention to the fact that is is far from guarantee security, only by security monitoring at the process level, against the the attack or spyware behavior from browser’s plugins and other internal components. This paper make use of a black and white list mechanism, process address space analysis, thread function call stack analysis, the kernel monitoring module, to achieve a fine-grained capability monitoring system based on browser component. This monitoring system can effective positioning and control the malicious behaviour of browser’s internal components, such as DLL, plugins.This paper describes the structure and implementation details of the fine-grained capability monitoring system for browser security, finally proves the effectiveness of this system through experiments.