SlideShare a Scribd company logo

Identifying Extension-based Ad Injection via Fine-grained Web Content Provenance

Sajjad "JJ" Arshad
Sajjad "JJ" Arshad

International Symposium on Research in Attacks, Intrusions and Defenses (RAID) Paris, France, September 2016

Science
1 of 41
Download to read offline
IDENTIFYING EXTENSION-BASED AD INJECTION VIA FINE-GRAINED WEB CONTENT PROVENANCE Sajjad Arshad, Amin Kharraz, and William Robertson Northeastern University RAID 2016
Web App Publisher Content Ad Network Analytics …
Web App Publisher Content Ad Network Analytics …
Web App Publisher Content Ad Network Analytics …
Web App Publisher Content Ad Network Analytics …
Web App Publisher Content Ad Network Analytics …
OriginTracer: Web Content ProvenanceArshad et al. DETECTING AD INJECTION – Centralized dynamic analysis at extension distribution points – Dynamic analysis can be effective, but is also prone to the usual caveats – Third-party content injection or modification by extensions is quite common – Can be difficult for browser vendors to delineate between wanted and unwanted behavior Users are best positioned to make this judgment 16
ORIGINTRACER
OriginTracer: Web Content ProvenanceArshad et al. ORIGINTRACER OriginTracer adds fine-grained content provenance tracking to the web browser – Provenance tracked at level of individual DOM elements – Indicates origins contributing to content injection and modification – Trustworthy communication of this information to the user 18
OriginTracer: Web Content ProvenanceArshad et al. PROVENANCE LABELS – Labels are generalizations of web origins 19 L = hS, I, P, Xi S = {scheme} [ {”extension”} I = {host} [ {extension-id} P = {port} [ {null} X = {0, 1, 2, . . .}
OriginTracer: Web Content ProvenanceArshad et al. LABEL PROPAGATION – Static content is assigned the publisher’s label {l0} – Dynamic content due to external scripts – New external scripts are assigned a label {li} – Injected or modified content is labeled {l0, li} – Extension content – Initialized with unique label as for external scripts – But, injected or modified content labels omit the publisher’s label ({l0, lj}) 20
OriginTracer: Web Content ProvenanceArshad et al. LABEL PROPAGATION – Static content is assigned the publisher’s label {l0} – Dynamic content due to external scripts – New external scripts are assigned a label {li} – Injected or modified content is labeled {l0, li} – Extension content – Initialized with unique label as for external scripts – But, injected or modified content labels omit the publisher’s label ({l0, lj}) 21
l0
l0 l1 {l0, l1}
l0 l1 {l0, l1} l2 {l0, l2}
l0 l1 {l0, l1} l2 {l0, l2} {l3} l3
OriginTracer: Web Content ProvenanceArshad et al. PROVENANCE INDICATORS – Provenance must be communicated to the user in a trustworthy way – What is the best way to communicate provenance? – Full provenance label sets likely to be difficult to comprehend – For extensions, we chose to use the extension title – For arbitrary content, origins are easy but not ideal 27
OriginTracer: Web Content ProvenanceArshad et al. IMPLEMENTATION – Modifications to Chromium browser – ~900 SLoC (C++), several lines of JavaScript – Mediates DOM APIs for node creation and modification – Mediates node insertion through document writes – Callbacks registered for events and timers 28
EVALUATION
OriginTracer: Web Content ProvenanceArshad et al. EVALUATION QUESTIONS (1) How susceptible are users to injected content? (2) Do provenance indicators reduce clicks on extension- injected content? (3) Would users adopt a provenance tracking system? (4) Does provenance tracking degrade browser performance and user experience? 31
OriginTracer: Web Content ProvenanceArshad et al. USER STUDY SETUP – Study population: 80 students of varying technical sophistication – Participants exposed to six Chromium instances (unmodified and modified), each with an ad-injecting extension installed – Auto Zoom, Alpha Finder, X-Notifier, Candy Zapper, uTorrent, Gethoneybadger – Participants were asked to visit three retail websites – Amazon, Walmart, Alibaba 32
(a) Group 1. (b) Group 2. Fig. 4: Percentage of injected ads that are reported correctly by all the participants. sites. For each website, we asked the participants to examine the page and tell us if they noticed any content in the page that did not belong to the website – in other words, whether any content did not seem to originate from the publisher. For each group, we Are users able to correctly recognize injected advertisements?
Are users generally willing to click on the advertisements presented to them? (a) Susceptibility to ad injection. (b) Ab
Do content provenance indicators assist users in recognizing injected advertisements? ection. (b) Ability to identify injected ads. (c) Usab sults. For each boxplot, the box represents th
Would users be willing to adopt a provenance tracking system to identify injected advertisements? ed ads. (c) Usability of content provenance.
OriginTracer: Web Content ProvenanceArshad et al. RELIABILITY – Separate user study on 13 students of varying technical background – Asked participants to browse the web for several hours using the OriginTracer prototype – Asked users to report errors – Type I: browser crash, page doesn’t load, etc. – Type II: abnormal load time, page appearance not as expected – Out of almost 2K URLs, two Type I and 27 Type II errors were reported 37
OriginTracer: Web Content ProvenanceArshad et al. PERFORMANCE OVERHEAD – Configured an unmodified Chromium and OriginTracer instance to visit the Alexa Top 1K – Broad spectrum of static and dynamic content on most-used websites – Browsers configured with five benign extensions – Average 10.5% browsing latency overhead – No impact on browser start-up time 38
OriginTracer: Web Content ProvenanceArshad et al. FUTURE WORK – Usability of provenance indicators should be considered an initial attempt – Many points in the design space we did not explore – Extending provenance for other applications – Surfacing fine-grained provenance is potentially highly useful – e.g., inferring remote data flows between origins – e.g., fine-grained policy enforcement 39
OriginTracer: Web Content ProvenanceArshad et al. CONCLUSIONS – Some forms of questionable behavior on the web are best judged by the user – OriginTracer tracks web content provenance in a fine- grained way, allowing users to make similarly fine- grained trust decisions – Evaluation shows that provenance tracking can be performed in an efficient and effective way for modern browsers and web content 40
THANKS! QUESTIONS? Sajjad Arshad <arshad@ccs.neu.edu>

Recommended

Colloquim Report on Crawler - 1 Dec 2014
Colloquim Report on Crawler - 1 Dec 2014Colloquim Report on Crawler - 1 Dec 2014
Colloquim Report on Crawler - 1 Dec 2014Sunny Gupta
 
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...Understanding and Mitigating the Security Risks of Content Inclusion in Web B...
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...Sajjad "JJ" Arshad
 
A Novel Interface to a Web Crawler using VB.NET Technology
A Novel Interface to a Web Crawler using VB.NET TechnologyA Novel Interface to a Web Crawler using VB.NET Technology
A Novel Interface to a Web Crawler using VB.NET TechnologyIOSR Journals
 
Web2.0.2012 - lesson 8 - Google world
Web2.0.2012 - lesson 8 - Google worldWeb2.0.2012 - lesson 8 - Google world
Web2.0.2012 - lesson 8 - Google worldCarlo Vaccari
 
E017624043
E017624043E017624043
E017624043IOSR Journals
 
Smart Crawler: A Two Stage Crawler for Concept Based Semantic Search Engine.
Smart Crawler: A Two Stage Crawler for Concept Based Semantic Search Engine.Smart Crawler: A Two Stage Crawler for Concept Based Semantic Search Engine.
Smart Crawler: A Two Stage Crawler for Concept Based Semantic Search Engine.iosrjce
 
Smart Crawler Automation with RMI
Smart Crawler Automation with RMISmart Crawler Automation with RMI
Smart Crawler Automation with RMIIRJET Journal
 
Detecting Phishing using Machine Learning
Detecting Phishing using Machine LearningDetecting Phishing using Machine Learning
Detecting Phishing using Machine Learningijtsrd
 

Recommended

Colloquim Report on Crawler - 1 Dec 2014
Colloquim Report on Crawler - 1 Dec 2014Colloquim Report on Crawler - 1 Dec 2014
Colloquim Report on Crawler - 1 Dec 2014Sunny Gupta
 
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...Understanding and Mitigating the Security Risks of Content Inclusion in Web B...
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...Sajjad "JJ" Arshad
 
A Novel Interface to a Web Crawler using VB.NET Technology
A Novel Interface to a Web Crawler using VB.NET TechnologyA Novel Interface to a Web Crawler using VB.NET Technology
A Novel Interface to a Web Crawler using VB.NET TechnologyIOSR Journals
 
Web2.0.2012 - lesson 8 - Google world
Web2.0.2012 - lesson 8 - Google worldWeb2.0.2012 - lesson 8 - Google world
Web2.0.2012 - lesson 8 - Google worldCarlo Vaccari
 
E017624043
E017624043E017624043
E017624043IOSR Journals
 
Smart Crawler: A Two Stage Crawler for Concept Based Semantic Search Engine.
Smart Crawler: A Two Stage Crawler for Concept Based Semantic Search Engine.Smart Crawler: A Two Stage Crawler for Concept Based Semantic Search Engine.
Smart Crawler: A Two Stage Crawler for Concept Based Semantic Search Engine.iosrjce
 
Smart Crawler Automation with RMI
Smart Crawler Automation with RMISmart Crawler Automation with RMI
Smart Crawler Automation with RMIIRJET Journal
 
Detecting Phishing using Machine Learning
Detecting Phishing using Machine LearningDetecting Phishing using Machine Learning
Detecting Phishing using Machine Learningijtsrd
 
Lecture08
Lecture08Lecture08
Lecture08Rishi Gupta
 
Detection of Phishing Websites
Detection of Phishing Websites Detection of Phishing Websites
Detection of Phishing Websites Nikhil Soni
 
MindYourPrivacy: Design and Implementation of a Visualization System for Thir...
MindYourPrivacy: Design and Implementation of a Visualization System for Thir...MindYourPrivacy: Design and Implementation of a Visualization System for Thir...
MindYourPrivacy: Design and Implementation of a Visualization System for Thir...Yuuki Takano
 
Colloquim Report - Rotto Link Web Crawler
Colloquim Report - Rotto Link Web CrawlerColloquim Report - Rotto Link Web Crawler
Colloquim Report - Rotto Link Web CrawlerAkshay Pratap Singh
 
Report - Final_New_phishila
Report - Final_New_phishilaReport - Final_New_phishila
Report - Final_New_phishilaAshwin Palani
 
Detection of Phishing Websites
Detection of Phishing WebsitesDetection of Phishing Websites
Detection of Phishing WebsitesIRJET Journal
 
E3602042044
E3602042044E3602042044
E3602042044ijceronline
 
Seo
SeoSeo
Seodebasish
 
How Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSocketsHow Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSocketsSajjad "JJ" Arshad
 
Data Collection from Social Media Platforms
Data Collection from Social Media PlatformsData Collection from Social Media Platforms
Data Collection from Social Media PlatformsMahmoud Yasser
 
A Two Stage Crawler on Web Search using Site Ranker for Adaptive Learning
A Two Stage Crawler on Web Search using Site Ranker for Adaptive LearningA Two Stage Crawler on Web Search using Site Ranker for Adaptive Learning
A Two Stage Crawler on Web Search using Site Ranker for Adaptive LearningIJMTST Journal
 
How to disrupt established markets with SEO in 2015 - LOGIN 2015
How to disrupt established markets with SEO in 2015 - LOGIN 2015How to disrupt established markets with SEO in 2015 - LOGIN 2015
How to disrupt established markets with SEO in 2015 - LOGIN 2015Yannis Karagiannidis
 
Algorithmic Web Spam detection - Matt Peters MozCon
Algorithmic Web Spam detection - Matt Peters MozConAlgorithmic Web Spam detection - Matt Peters MozCon
Algorithmic Web Spam detection - Matt Peters MozConmattthemathman
 
Search Engine Optimization (SEO)
Search Engine Optimization (SEO)Search Engine Optimization (SEO)
Search Engine Optimization (SEO)Nandu B Rajan
 
Crawler-Friendly Web Servers
Crawler-Friendly Web ServersCrawler-Friendly Web Servers
Crawler-Friendly Web Serverswebhostingguy
 
Duplicate content presentation March 2012
Duplicate content presentation March 2012Duplicate content presentation March 2012
Duplicate content presentation March 2012Shake Interactive
 
Sekhon final 1_ppt
Sekhon final 1_pptSekhon final 1_ppt
Sekhon final 1_pptManant Sweet
 
User Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content ManagementUser Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content ManagementAmit Sheth
 
User Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content ManagementUser Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content ManagementArtificial Intelligence Institute at UofSC
 
SEO Animals
SEO AnimalsSEO Animals
SEO AnimalsLevelwing
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 

More Related Content

Similar to Identifying Extension-based Ad Injection via Fine-grained Web Content Provenance

Detection of Phishing Websites
Detection of Phishing Websites Detection of Phishing Websites
Detection of Phishing Websites Nikhil Soni
 
MindYourPrivacy: Design and Implementation of a Visualization System for Thir...
MindYourPrivacy: Design and Implementation of a Visualization System for Thir...MindYourPrivacy: Design and Implementation of a Visualization System for Thir...
MindYourPrivacy: Design and Implementation of a Visualization System for Thir...Yuuki Takano
 
Colloquim Report - Rotto Link Web Crawler
Colloquim Report - Rotto Link Web CrawlerColloquim Report - Rotto Link Web Crawler
Colloquim Report - Rotto Link Web CrawlerAkshay Pratap Singh
 
Report - Final_New_phishila
Report - Final_New_phishilaReport - Final_New_phishila
Report - Final_New_phishilaAshwin Palani
 
Detection of Phishing Websites
Detection of Phishing WebsitesDetection of Phishing Websites
Detection of Phishing WebsitesIRJET Journal
 
How Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSocketsHow Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSocketsSajjad "JJ" Arshad
 
Data Collection from Social Media Platforms
Data Collection from Social Media PlatformsData Collection from Social Media Platforms
Data Collection from Social Media PlatformsMahmoud Yasser
 
A Two Stage Crawler on Web Search using Site Ranker for Adaptive Learning
A Two Stage Crawler on Web Search using Site Ranker for Adaptive LearningA Two Stage Crawler on Web Search using Site Ranker for Adaptive Learning
A Two Stage Crawler on Web Search using Site Ranker for Adaptive LearningIJMTST Journal
 
How to disrupt established markets with SEO in 2015 - LOGIN 2015
How to disrupt established markets with SEO in 2015 - LOGIN 2015How to disrupt established markets with SEO in 2015 - LOGIN 2015
How to disrupt established markets with SEO in 2015 - LOGIN 2015Yannis Karagiannidis
 
Algorithmic Web Spam detection - Matt Peters MozCon
Algorithmic Web Spam detection - Matt Peters MozConAlgorithmic Web Spam detection - Matt Peters MozCon
Algorithmic Web Spam detection - Matt Peters MozConmattthemathman
 
Search Engine Optimization (SEO)
Search Engine Optimization (SEO)Search Engine Optimization (SEO)
Search Engine Optimization (SEO)Nandu B Rajan
 
Crawler-Friendly Web Servers
Crawler-Friendly Web ServersCrawler-Friendly Web Servers
Crawler-Friendly Web Serverswebhostingguy
 
Duplicate content presentation March 2012
Duplicate content presentation March 2012Duplicate content presentation March 2012
Duplicate content presentation March 2012Shake Interactive
 
Sekhon final 1_ppt
Sekhon final 1_pptSekhon final 1_ppt
Sekhon final 1_pptManant Sweet
 
User Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content ManagementUser Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content ManagementAmit Sheth
 

Similar to Identifying Extension-based Ad Injection via Fine-grained Web Content Provenance (20)

Lecture08
Lecture08Lecture08
Lecture08
 
Detection of Phishing Websites
Detection of Phishing Websites Detection of Phishing Websites
Detection of Phishing Websites
 
MindYourPrivacy: Design and Implementation of a Visualization System for Thir...
MindYourPrivacy: Design and Implementation of a Visualization System for Thir...MindYourPrivacy: Design and Implementation of a Visualization System for Thir...
MindYourPrivacy: Design and Implementation of a Visualization System for Thir...
 
Colloquim Report - Rotto Link Web Crawler
Colloquim Report - Rotto Link Web CrawlerColloquim Report - Rotto Link Web Crawler
Colloquim Report - Rotto Link Web Crawler
 
Report - Final_New_phishila
Report - Final_New_phishilaReport - Final_New_phishila
Report - Final_New_phishila
 
Detection of Phishing Websites
Detection of Phishing WebsitesDetection of Phishing Websites
Detection of Phishing Websites
 
E3602042044
E3602042044E3602042044
E3602042044
 
Seo
SeoSeo
Seo
 
How Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSocketsHow Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSockets
 
Data Collection from Social Media Platforms
Data Collection from Social Media PlatformsData Collection from Social Media Platforms
Data Collection from Social Media Platforms
 
A Two Stage Crawler on Web Search using Site Ranker for Adaptive Learning
A Two Stage Crawler on Web Search using Site Ranker for Adaptive LearningA Two Stage Crawler on Web Search using Site Ranker for Adaptive Learning
A Two Stage Crawler on Web Search using Site Ranker for Adaptive Learning
 
How to disrupt established markets with SEO in 2015 - LOGIN 2015
How to disrupt established markets with SEO in 2015 - LOGIN 2015How to disrupt established markets with SEO in 2015 - LOGIN 2015
How to disrupt established markets with SEO in 2015 - LOGIN 2015
 
Algorithmic Web Spam detection - Matt Peters MozCon
Algorithmic Web Spam detection - Matt Peters MozConAlgorithmic Web Spam detection - Matt Peters MozCon
Algorithmic Web Spam detection - Matt Peters MozCon
 
Search Engine Optimization (SEO)
Search Engine Optimization (SEO)Search Engine Optimization (SEO)
Search Engine Optimization (SEO)
 
Crawler-Friendly Web Servers
Crawler-Friendly Web ServersCrawler-Friendly Web Servers
Crawler-Friendly Web Servers
 
Duplicate content presentation March 2012
Duplicate content presentation March 2012Duplicate content presentation March 2012
Duplicate content presentation March 2012
 
Sekhon final 1_ppt
Sekhon final 1_pptSekhon final 1_ppt
Sekhon final 1_ppt
 
User Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content ManagementUser Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content Management
 
User Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content ManagementUser Experiences of Enterprise Semantic Content Management
User Experiences of Enterprise Semantic Content Management
 
SEO Animals
SEO AnimalsSEO Animals
SEO Animals
 

More from Sajjad "JJ" Arshad

Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...Sajjad "JJ" Arshad
 
Large-Scale Analysis of Style Injection by Relative Path Overwrite
Large-Scale Analysis of Style Injection by Relative Path OverwriteLarge-Scale Analysis of Style Injection by Relative Path Overwrite
Large-Scale Analysis of Style Injection by Relative Path OverwriteSajjad "JJ" Arshad
 
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareUNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareSajjad "JJ" Arshad
 
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads
Tracing Information Flows Between Ad Exchanges Using Retargeted AdsTracing Information Flows Between Ad Exchanges Using Retargeted Ads
Tracing Information Flows Between Ad Exchanges Using Retargeted AdsSajjad "JJ" Arshad
 
How Tracking Companies Circumvent Ad Blockers Using WebSockets
How Tracking Companies Circumvent Ad Blockers Using WebSocketsHow Tracking Companies Circumvent Ad Blockers Using WebSockets
How Tracking Companies Circumvent Ad Blockers Using WebSocketsSajjad "JJ" Arshad
 
Practical Challenges of Type Checking in Control Flow Integrity
Practical Challenges of Type Checking in Control Flow IntegrityPractical Challenges of Type Checking in Control Flow Integrity
Practical Challenges of Type Checking in Control Flow IntegritySajjad "JJ" Arshad
 
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...Sajjad "JJ" Arshad
 
A Longitudinal Analysis of the ads.txt Standard
A Longitudinal Analysis of the ads.txt StandardA Longitudinal Analysis of the ads.txt Standard
A Longitudinal Analysis of the ads.txt StandardSajjad "JJ" Arshad
 
"Recommended For You": A First Look at Content Recommendation Networks
"Recommended For You": A First Look at Content Recommendation Networks"Recommended For You": A First Look at Content Recommendation Networks
"Recommended For You": A First Look at Content Recommendation NetworksSajjad "JJ" Arshad
 
Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
Include Me Out: In-Browser Detection of Malicious Third-Party Content InclusionsInclude Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
Include Me Out: In-Browser Detection of Malicious Third-Party Content InclusionsSajjad "JJ" Arshad
 
On the Effectiveness of Type-based Control Flow Integrity
On the Effectiveness of Type-based Control Flow IntegrityOn the Effectiveness of Type-based Control Flow Integrity
On the Effectiveness of Type-based Control Flow IntegritySajjad "JJ" Arshad
 

More from Sajjad "JJ" Arshad (14)

Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the Wild
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the Wild
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the Wild
 
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
 
Large-Scale Analysis of Style Injection by Relative Path Overwrite
Large-Scale Analysis of Style Injection by Relative Path OverwriteLarge-Scale Analysis of Style Injection by Relative Path Overwrite
Large-Scale Analysis of Style Injection by Relative Path Overwrite
 
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareUNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
 
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads
Tracing Information Flows Between Ad Exchanges Using Retargeted AdsTracing Information Flows Between Ad Exchanges Using Retargeted Ads
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads
 
How Tracking Companies Circumvent Ad Blockers Using WebSockets
How Tracking Companies Circumvent Ad Blockers Using WebSocketsHow Tracking Companies Circumvent Ad Blockers Using WebSockets
How Tracking Companies Circumvent Ad Blockers Using WebSockets
 
Practical Challenges of Type Checking in Control Flow Integrity
Practical Challenges of Type Checking in Control Flow IntegrityPractical Challenges of Type Checking in Control Flow Integrity
Practical Challenges of Type Checking in Control Flow Integrity
 
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
 
A Longitudinal Analysis of the ads.txt Standard
A Longitudinal Analysis of the ads.txt StandardA Longitudinal Analysis of the ads.txt Standard
A Longitudinal Analysis of the ads.txt Standard
 
"Recommended For You": A First Look at Content Recommendation Networks
"Recommended For You": A First Look at Content Recommendation Networks"Recommended For You": A First Look at Content Recommendation Networks
"Recommended For You": A First Look at Content Recommendation Networks
 
Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
Include Me Out: In-Browser Detection of Malicious Third-Party Content InclusionsInclude Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
 
On the Effectiveness of Type-based Control Flow Integrity
On the Effectiveness of Type-based Control Flow IntegrityOn the Effectiveness of Type-based Control Flow Integrity
On the Effectiveness of Type-based Control Flow Integrity
 

Recently uploaded

GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)Areesha Ahmad
 
300003-World Science Day For Peace And Development.pptx
300003-World Science Day For Peace And Development.pptx300003-World Science Day For Peace And Development.pptx
300003-World Science Day For Peace And Development.pptxryanrooker
 
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and SpectrometryFAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and SpectrometryAlex Henderson
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.Nitya salvi
 
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...Monika Rani
 
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICESAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICEayushi9330
 
Conjugation, transduction and transformation
Conjugation, transduction and transformationConjugation, transduction and transformation
Conjugation, transduction and transformationAreesha Ahmad
 
GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)Areesha Ahmad
 
GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)Areesha Ahmad
 
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticsPulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticssakshisoni2385
 
chemical bonding Essentials of Physical Chemistry2.pdf
chemical bonding Essentials of Physical Chemistry2.pdfchemical bonding Essentials of Physical Chemistry2.pdf
chemical bonding Essentials of Physical Chemistry2.pdfTukamushabaBismark
 
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPirithiRaju
 
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑Damini Dixit
 
Module for Grade 9 for Asynchronous/Distance learning
Module for Grade 9 for Asynchronous/Distance learningModule for Grade 9 for Asynchronous/Distance learning
Module for Grade 9 for Asynchronous/Distance learninglevieagacer
 
FAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical ScienceFAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical ScienceAlex Henderson
 
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts ServiceJustdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Servicemonikaservice1
 
Forensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdfForensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdfrohankumarsinghrore1
 
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Servicenishacall1
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsSérgio Sacani
 
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 bAsymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 bSérgio Sacani
 

Recently uploaded (20)

GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)
 
300003-World Science Day For Peace And Development.pptx
300003-World Science Day For Peace And Development.pptx300003-World Science Day For Peace And Development.pptx
300003-World Science Day For Peace And Development.pptx
 
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and SpectrometryFAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
 
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
Vip profile Call Girls In Lonavala 9748763073 For Genuine Sex Service At Just...
 
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICESAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
SAMASTIPUR CALL GIRL 7857803690 LOW PRICE ESCORT SERVICE
 
Conjugation, transduction and transformation
Conjugation, transduction and transformationConjugation, transduction and transformation
Conjugation, transduction and transformation
 
GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)
 
GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)
 
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticsPulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
 
chemical bonding Essentials of Physical Chemistry2.pdf
chemical bonding Essentials of Physical Chemistry2.pdfchemical bonding Essentials of Physical Chemistry2.pdf
chemical bonding Essentials of Physical Chemistry2.pdf
 
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
 
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
 
Module for Grade 9 for Asynchronous/Distance learning
Module for Grade 9 for Asynchronous/Distance learningModule for Grade 9 for Asynchronous/Distance learning
Module for Grade 9 for Asynchronous/Distance learning
 
FAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical ScienceFAIRSpectra - Enabling the FAIRification of Analytical Science
FAIRSpectra - Enabling the FAIRification of Analytical Science
 
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts ServiceJustdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
Justdial Call Girls In Indirapuram, Ghaziabad, 8800357707 Escorts Service
 
Forensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdfForensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdf
 
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
9999266834 Call Girls In Noida Sector 22 (Delhi) Call Girl Service
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
 
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 bAsymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
Asymmetry in the atmosphere of the ultra-hot Jupiter WASP-76 b
 

Identifying Extension-based Ad Injection via Fine-grained Web Content Provenance

  • 1. IDENTIFYING EXTENSION-BASED AD INJECTION VIA FINE-GRAINED WEB CONTENT PROVENANCE Sajjad Arshad, Amin Kharraz, and William Robertson Northeastern University RAID 2016
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16. OriginTracer: Web Content ProvenanceArshad et al. DETECTING AD INJECTION – Centralized dynamic analysis at extension distribution points – Dynamic analysis can be effective, but is also prone to the usual caveats – Third-party content injection or modification by extensions is quite common – Can be difficult for browser vendors to delineate between wanted and unwanted behavior Users are best positioned to make this judgment 16
  • 18. OriginTracer: Web Content ProvenanceArshad et al. ORIGINTRACER OriginTracer adds fine-grained content provenance tracking to the web browser – Provenance tracked at level of individual DOM elements – Indicates origins contributing to content injection and modification – Trustworthy communication of this information to the user 18
  • 19. OriginTracer: Web Content ProvenanceArshad et al. PROVENANCE LABELS – Labels are generalizations of web origins 19 L = hS, I, P, Xi S = {scheme} [ {”extension”} I = {host} [ {extension-id} P = {port} [ {null} X = {0, 1, 2, . . .}
  • 20. OriginTracer: Web Content ProvenanceArshad et al. LABEL PROPAGATION – Static content is assigned the publisher’s label {l0} – Dynamic content due to external scripts – New external scripts are assigned a label {li} – Injected or modified content is labeled {l0, li} – Extension content – Initialized with unique label as for external scripts – But, injected or modified content labels omit the publisher’s label ({l0, lj}) 20
  • 21. OriginTracer: Web Content ProvenanceArshad et al. LABEL PROPAGATION – Static content is assigned the publisher’s label {l0} – Dynamic content due to external scripts – New external scripts are assigned a label {li} – Injected or modified content is labeled {l0, li} – Extension content – Initialized with unique label as for external scripts – But, injected or modified content labels omit the publisher’s label ({l0, lj}) 21
  • 22.
  • 23. l0
  • 27. OriginTracer: Web Content ProvenanceArshad et al. PROVENANCE INDICATORS – Provenance must be communicated to the user in a trustworthy way – What is the best way to communicate provenance? – Full provenance label sets likely to be difficult to comprehend – For extensions, we chose to use the extension title – For arbitrary content, origins are easy but not ideal 27
  • 28. OriginTracer: Web Content ProvenanceArshad et al. IMPLEMENTATION – Modifications to Chromium browser – ~900 SLoC (C++), several lines of JavaScript – Mediates DOM APIs for node creation and modification – Mediates node insertion through document writes – Callbacks registered for events and timers 28
  • 29.
  • 31. OriginTracer: Web Content ProvenanceArshad et al. EVALUATION QUESTIONS (1) How susceptible are users to injected content? (2) Do provenance indicators reduce clicks on extension- injected content? (3) Would users adopt a provenance tracking system? (4) Does provenance tracking degrade browser performance and user experience? 31
  • 32. OriginTracer: Web Content ProvenanceArshad et al. USER STUDY SETUP – Study population: 80 students of varying technical sophistication – Participants exposed to six Chromium instances (unmodified and modified), each with an ad-injecting extension installed – Auto Zoom, Alpha Finder, X-Notifier, Candy Zapper, uTorrent, Gethoneybadger – Participants were asked to visit three retail websites – Amazon, Walmart, Alibaba 32
  • 33. (a) Group 1. (b) Group 2. Fig. 4: Percentage of injected ads that are reported correctly by all the participants. sites. For each website, we asked the participants to examine the page and tell us if they noticed any content in the page that did not belong to the website – in other words, whether any content did not seem to originate from the publisher. For each group, we Are users able to correctly recognize injected advertisements?
  • 34. Are users generally willing to click on the advertisements presented to them? (a) Susceptibility to ad injection. (b) Ab
  • 35. Do content provenance indicators assist users in recognizing injected advertisements? ection. (b) Ability to identify injected ads. (c) Usab sults. For each boxplot, the box represents th
  • 36. Would users be willing to adopt a provenance tracking system to identify injected advertisements? ed ads. (c) Usability of content provenance.
  • 37. OriginTracer: Web Content ProvenanceArshad et al. RELIABILITY – Separate user study on 13 students of varying technical background – Asked participants to browse the web for several hours using the OriginTracer prototype – Asked users to report errors – Type I: browser crash, page doesn’t load, etc. – Type II: abnormal load time, page appearance not as expected – Out of almost 2K URLs, two Type I and 27 Type II errors were reported 37
  • 38. OriginTracer: Web Content ProvenanceArshad et al. PERFORMANCE OVERHEAD – Configured an unmodified Chromium and OriginTracer instance to visit the Alexa Top 1K – Broad spectrum of static and dynamic content on most-used websites – Browsers configured with five benign extensions – Average 10.5% browsing latency overhead – No impact on browser start-up time 38
  • 39. OriginTracer: Web Content ProvenanceArshad et al. FUTURE WORK – Usability of provenance indicators should be considered an initial attempt – Many points in the design space we did not explore – Extending provenance for other applications – Surfacing fine-grained provenance is potentially highly useful – e.g., inferring remote data flows between origins – e.g., fine-grained policy enforcement 39
  • 40. OriginTracer: Web Content ProvenanceArshad et al. CONCLUSIONS – Some forms of questionable behavior on the web are best judged by the user – OriginTracer tracks web content provenance in a fine- grained way, allowing users to make similarly fine- grained trust decisions – Evaluation shows that provenance tracking can be performed in an efficient and effective way for modern browsers and web content 40