Existing approaches to facilitate the interaction between password managers and web applications fall short of providing adequate functionality and mitigation strategies against prominent attacks. HTML Autofill is not sufficiently expressive, the Credential Management API does not support browser-extension password managers, and other proposed solutions do not conform to established user mental models. In this paper, we propose Berytus, a browser-based governance framework that mediates the interaction between password managers and web applications. Two APIs are designed to support Berytus acting as an orchestrator between password managers and web applications. An implementation of the framework in Firefox is developed that fully supports registration and authentication processes. As an orchestrator, Berytus is able to authenticate web applications and facilitate authenticated key exchange between web applications and password managers, which, as we show, can provide effective mitigation strategies against phishing, cross-site scripting, inline code injection (e.g., by a malicious browser extension), and TLS proxy-in-the-middle attacks, whereas existing mitigation strategies such as Content Security Policy and credential tokenisation are only partially effective. The framework design also provides desirable functional properties such as support for multi-step, multi-factor, and custom authentication schemes. We provide a comprehensive security and functionality evaluation and discuss possible future directions.