AdJail: practical enforcement of confidentiality and integrity policies on web advertisements

Authors: Mike Ter Louw, V. N. Venkatakrishnan, Karthik Thotta Ganesh

Abstract: Web publishers frequently integrate third-party advertisements into web pages that also contain sensitive publisher data and end-user personal data. This practice exposes page content to confidentiality and integrity attacks launched by advertisements. In this paper, we propose a novel framework for addressing security threats posed The heart of our is an innovative isolation mechanism enables transparently interpose between end users. supports fine-grained policy specification enforcement, does not affect the user experience interactive ads. Evaluation suggests compatibility with several mainstream ad networks, from many acceptable performance overheads.
