DOMtegrity: ensuring web page integrity against malicious browser extensions.
International Journal of Information Security (IF 3.2), Pub Date: 2019-06-11, DOI: 10.1007/s10207-019-00442-1
Ehsan Toreini (1), Siamak F. Shahandashti (2), Maryam Mehrnezhad (1), Feng Hao (3)
In this paper, we address an unsolved problem in the real world: how to ensure the integrity of the web content in a browser in the presence of malicious browser extensions? The problem of exposing confidential user credentials to malicious extensions has been widely understood, which has prompted major banks to deploy two-factor authentication. However, the importance of the “integrity” of the web content has received little attention. We implement two attacks on real-world online banking websites and show that ignoring the “integrity” of the web content can fundamentally defeat two-factor solutions. To address this problem, we propose a cryptographic protocol called DOMtegrity to ensure the end-to-end integrity of the DOM structure of a web page, from its delivery by the web server to its rendering in the user’s browser. DOMtegrity is the first solution that protects DOM integrity without modifying the browser architecture or requiring extra hardware. It works by exploiting subtle yet important differences between browser extensions and in-line JavaScript code. We show how DOMtegrity prevents the earlier attacks and a whole range of man-in-the-browser attacks. We conduct extensive experiments on more than 14,000 real-world extensions to evaluate the effectiveness of DOMtegrity.
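The abstract describes DOMtegrity only at a high level, so the following is an added illustration of the underlying idea (an integrity tag computed over the delivered DOM structure and re-checked over the rendered DOM), not the paper's protocol. It is not the authors' code, and it leaves out the part the paper actually solves: how the in-line script obtains and protects a verification key that an extension's content script cannot read. The key, the sample bank form, the re-indented copy and the tampered copy with an injected element are all constructed here for the demonstration.

```python
import hashlib
import hmac
from html.parser import HTMLParser

# Elements that never have a closing tag; HTMLParser reports them via handle_starttag only.
VOID_ELEMENTS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
                 "link", "meta", "source", "track", "wbr"}


class DomCanonicalizer(HTMLParser):
    """Serialise the element tree (tag names, sorted attributes, visible text) into one
    deterministic string: re-indenting the page must not change it, while any injected,
    removed or re-attributed element must."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_starttag(self, tag, attrs):
        attr_str = ",".join(f"{k}={v or ''}" for k, v in sorted(attrs))
        self.parts.append(f"<{tag}[{attr_str}]")
        if tag in VOID_ELEMENTS:
            self.parts.append(f"</{tag}>")  # no handle_endtag will follow for these

    def handle_endtag(self, tag):
        if tag not in VOID_ELEMENTS:
            self.parts.append(f"</{tag}>")

    def handle_data(self, data):
        text = " ".join(data.split())  # collapse insignificant whitespace
        if text:
            self.parts.append(f"#{text}")


def canonicalize(html):
    parser = DomCanonicalizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.parts)


def dom_tag(html, key):
    """Integrity tag the server would compute over the DOM it delivers (HMAC-SHA256)."""
    return hmac.new(key, canonicalize(html).encode(), hashlib.sha256).hexdigest()


def verify_dom(rendered_html, key, expected_tag):
    """Check that the in-line verifier would run over the DOM as actually rendered."""
    return hmac.compare_digest(dom_tag(rendered_html, key), expected_tag)


# Constructed demo key (assumption: the verifier holds it and extensions cannot read it).
KEY = b"constructed-demo-key-not-from-the-paper"

# Constructed sample page as delivered by the server.
SERVER_HTML = """
<form id="transfer" action="/transfer" method="post">
  <label>Amount</label>
  <input name="amount" type="text">
  <label>One-time code</label>
  <input name="otp" type="password">
  <button type="submit">Confirm</button>
</form>
"""

# Structurally identical copy with different indentation: must still verify.
REINDENTED_HTML = SERVER_HTML.replace("\n  ", "\n")

# Constructed tampered copy: one extra element injected into the form.
TAMPERED_HTML = SERVER_HTML.replace(
    '<button type="submit">',
    '<input name="injected" type="hidden" value="1"><button type="submit">')

if __name__ == "__main__":
    tag = dom_tag(SERVER_HTML, KEY)
    print("server tag:        ", tag)
    print("reindented verifies:", verify_dom(REINDENTED_HTML, KEY, tag))
    print("tampered verifies:  ", verify_dom(TAMPERED_HTML, KEY, tag))
```

The canonical form deliberately ignores whitespace between elements and orders attributes, so cosmetic differences between the server's serialisation and the live DOM do not cause false alarms, while every element, attribute and text node is covered. In a real deployment the expected tag would travel with the page and the comparison would run inside in-line JavaScript over the live DOM; how that script keeps its key and its result out of an extension's reach is exactly the question the paper's protocol is about and is not modelled here.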

Updated: 2019-06-11