中文摘要：

浏览器扩展是一种允许为浏览器添加个性化功能的机制。然而,这一机制在极大地增强了浏览器表现能力的同时,也使浏览器暴露在更多的攻击之下。为有效缓和浏览器扩展机制给用户带来的安全威胁,设计并实现了针对浏览器扩展的行为监控系统,通过一组安全策略来控制扩展对关键接口的访问;最后对该系统的有效性及性能进行了分析和测试。实验结果表明,系统可有效降低用户在使用浏览器扩展时所带来的安全风险。

英文摘要：

Browser extension is a kind of mechanism for adding new personalization features to browser.It can greatly enhance the performance capabilities of the browser.However,it also exposes the browser under more attacks.For effectively mitigating the security threats posed by browser extension,this paper designed and implemented a behavior monitoring system for browser extension,and controlled the extension＇s access to key interfaces by a set of security policies.Finally analyzed and tested the effectiveness and performance of this system.Experimental results show that it can reduce the user＇s security risk of using browser extension.