The rapid development of the Internet has brought great convenience to people's lives. However, the frequent occurrence of network security problems causes great distress to service providers, businesses and individuals. As the user's connection to the Internet, the browser plays an important role, and it has become the most vulnerable target for attack on the Internet. It is therefore important to research the security of the web browser. This thesis provides a feasible solution for web browser security that reduces user information theft, phishing, viruses, Trojans and other network threats, giving users a reliable browsing environment.

The main work done in this thesis is as follows. First, an analysis of the basic security mechanisms of the browser and the existing threats to it is given, with emphasis on web security vulnerabilities and on CSRF, XSS and other common attacks on the browser. Then a security framework for the browser is designed, which mainly includes the following modules: the security encryption module, the safe browsing module, the XSS filter module, the CSRF defense module and the clickjacking defense module. The security encryption module uses the SM4 encryption algorithm to encrypt and decrypt the browser's private data and local files, preventing the leakage of sensitive information. The safe browsing module uses a matching algorithm and a blacklist and whitelist mechanism to effectively filter malicious links, unsafe download requests, etc. The XSS filter module uses existing interface functions to intercept static and dynamic malicious cross-site scripts; this method has high efficiency and low false positives. The CSRF defense module works between the browser and the server by adding authentication to the interaction process, which ensures that cookie data is used legitimately. The clickjacking defense module uses X-Frame-Options to prevent pages from being embedded in iframes on different domains. Finally, a secure browser is developed under the Windows environment to verify the proposed security framework. The experimental results show that the harm to users caused by malicious links, malicious tampering, insecure scripts, clickjacking, etc. is effectively reduced, and the security of the browser is clearly improved.
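
The clickjacking defense described above depends on the browser enforcing X-Frame-Options when a page is loaded into an iframe. The following is an added example, not code from the thesis, of that browser-side decision; the function names, the ancestor-list parameter and the sample URLs are assumptions, and unrecognized values such as the obsolete ALLOW-FROM are ignored here.

```javascript
// Added example: browser-side X-Frame-Options decision for a framed response.
// Function and parameter names are hypothetical, not taken from the thesis.

// Split one or more header lines into a set of lowercase tokens.
function parseXfo(headerValues) {
  const tokens = new Set();
  for (const line of headerValues) {
    for (const part of line.split(",")) {
      const t = part.trim().toLowerCase();
      if (t) tokens.add(t);
    }
  }
  return tokens;
}

// frameUrl: URL of the document being loaded into the iframe.
// ancestorUrls: URLs of every ancestor document, parent first, top-level last.
// Returns true if the frame may be rendered.
function frameAllowed(headerValues, frameUrl, ancestorUrls) {
  const tokens = parseXfo(headerValues);
  if (tokens.size === 0) return true; // server sent no framing policy
  const known = ["deny", "sameorigin", "allowall"];
  if (tokens.size > 1) {
    // Conflicting directives: fail closed if any recognized one is present.
    return !known.some((k) => tokens.has(k));
  }
  const [value] = tokens;
  if (value === "deny") return false;
  if (value === "sameorigin") {
    const origin = new URL(frameUrl).origin;
    // Every ancestor must match, not only the top-level page; otherwise a
    // same-origin page nested inside a foreign frame would slip through.
    return ancestorUrls.every((a) => new URL(a).origin === origin);
  }
  return true; // unrecognized value (e.g. obsolete ALLOW-FROM) is ignored
}

// Constructed sample URLs.
const bank = "https://bank.example/transfer";
console.log(frameAllowed(["SAMEORIGIN"], bank, ["https://bank.example/home"]));
console.log(frameAllowed(["SAMEORIGIN"], bank, ["https://other.example/game"]));
console.log(frameAllowed(["DENY"], bank, ["https://bank.example/home"]));
```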