Analysis Of Security Mechanism In Browser

The browser security mechanism is an important barrier for browsers to respond to complex network environments,resist malicious attacks,and protect user privacy.With the continuous development of security protection technologies,browser security mechanisms are becoming more and more complicated,and they may have security defects in their own right,resulting in failure of their security protection.The browser security mechanism analysis is to analyze whether the browser security mechanism achieves the required security functions and whether there are new security problems.This article focuses on the theoretical and technical aspects of the analysis of browser security mechanisms.The main contributions are as follows:1.A method of defect detection for browser sandbox is proposed.Based on the traditional RBAC model,this method introduces the subject attribute and proposes an A-RBAC policy model to describe the policy definition and the policy defect form.Based on this method,a directed graph policy defect detection algorithm is designed to analyze the browsing.The sandbox single strategy and the multi-strategy implementation are inconsistent.The test results show that this method can effectively detect the strategic defects in the sandbox strategy.A web sandbox data security analysis method is proposed.For the three kinds of data leakage types,namely the access restriction inconsistency,return restriction inconsistency,and communication restriction inconsistency in the Web sandbox,combining the characteristics of the Web sandbox and the JavaScript language,the test methods are proposed.Based on this,a web sandbox data security testing system platform is designed and implemented,which can effectively detect data leakage in the web sandbox.3.An automated testing method for browser security mechanisms is proposed.Based on the specification standard of browser security mechanism in W3 C,an automated test platform for analyzing the implementation of browser security mechanism is designed and implemented.The platform can be used for the HTML5 sandbox mechanism,the same-origin policy,the Cookie mechanism,and the content security strategy.Automatic detection by the mechanism can discover inconsistencies in the implementation of security mechanisms.