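Ever since computers entered the Internet era, the browser has been one of the essential applications of an operating system. After years of development, the browser is no longer just a tool for searching for information, sending and receiving e-mail, and entertainment; it can even be compared to a small portable operating system. Through the browser we can store data in online storage or download files from web pages, so browser security has become increasingly important.

To prevent malicious attackers from collecting the files a browser stores on the computer and misusing them, for example by analyzing the browser's cached data and cookies to learn the user's browsing history and private information, almost all current browsers support a private browsing feature. However, after actually using private browsing mode, we found that the browser still leaves files generated by the browsing session on the computer, and that these files are not removed when the browser is closed. In addition, files downloaded by the user are also stored on the hard disk, which is undoubtedly a major concern for user privacy.

This thesis addresses browsers running in private browsing mode: from the operating system kernel, we monitor the browser's file creation, read/write, and deletion behavior, record the files that the user intentionally or unintentionally downloads through the browser, and, when the browser is closed, delete the files that were created as a result of using the browser. We also compare the private browsing modes of three currently popular browsers and provide research data on the security of private browsing. Finally, we hope that installing the mechanism we designed gives users a more secure private browsing environment.

Recently, owing to advances in Internet technology, the Web browser has become one of the essential applications. A Web browser is not only used to surf the Internet, but also plays an important role as a portable operating system. For example, many users edit documents in an online editor and keep them in online storage, and all of these tasks are done with the help of a Web browser. This has resulted in a large number of attacks on Web browsers, and the security of Web browsers has therefore become an increasingly important issue in recent years.

By attacking Web browsers, attackers may obtain private information such as surfing habits and passwords, because Web browsers always leave cookies, browsing history, and caches on the computer. To avoid malicious attacks, many Web browsers have developed a private browsing mode. In private browsing mode, a user's behavior is not traced and his private information is not left behind either. However, the mechanism still creates files such as bookmarks. Most important of all, files downloaded through a Web browser remain on the disk unless the user deletes them himself. This is a serious threat to the privacy of Web users.

We design a mechanism on Windows XP to observe how Firefox creates and deletes files in private browsing mode. We then focus on the files that are not removed and clear them with our mechanism. We hope that, with our mechanism, Web browsers can provide a comprehensively secure environment.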