Stickler: Defending Against Malicious CDNs in an Unmodified Browser
نویسندگان
چکیده
Website publishers can derive enormous performance benefits and cost savings by directing traffic to their sites through content distribution networks (CDNs). However, publishers who use CDNs today must trust their CDN not to modify the site’s JavaScript, CSS, images or other media en route to end users. A CDN that violates this trust could inject ads into websites, downsample media to save bandwidth or, worse, inject malicious JavaScript code to steal user secrets it could not otherwise access. We present Stickler, a system for website publishers that guarantees the end-to-end authenticity of content served to end users while simultaneously allowing publishers to reap the benefits of CDNs. Crucially, Stickler achieves these guarantees without requiring modifications to the browser.
منابع مشابه
Design and Implementation of Linux Based Hybrid Client Honeypot Incorporating Multi Layer Detection
In current global internet cyber space, the number of targeted client side attacks are increasing that lead users to adversaries' web sites and exploit web browser vulnerabilities is increasing, therefore there is requirement of strong mechanisms to fight against these kinds of attacks. In this paper, we present the design and implementation of a client honeypot which incorporate the functional...
متن کاملUnderstanding and Defending Against Malicious Identities in Online Social Networks
Understanding and Defending Against Malicious Identities in Online Social Networks
متن کاملDefending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks
Drive-by download attacks are among the most common methods for spreading malware today. These attacks typically exploit memory corruption vulnerabilities in web browsers and browser plug-ins to execute shellcode, and in consequence, gain control of a victim’s computer. Compromised machines are then used to carry out various malicious activities, such as joining botnets, sending spam emails, or...
متن کاملEmpowering Browser Security for Mobile Devices Using Smart CDNs
There has been a great deal of attention on browser security in recent years. However, the majority of projects in this space have focused on security of desktop browsers, while it is likely that it is the mobile browsers that will be targets of security attacks in the coming years. In this paper we propose the use of “smart CDNs” to quickly drive security innovations into the mobile browser sp...
متن کاملSpyProxy: Execution-based Detection of Malicious Web Content
This paper explores the use of execution-based Web content analysis to protect users from Internet-borne malware. Many anti-malware tools use signatures to identify malware infections on a user’s PC. In contrast, our approach is to render and observe active Web content in a disposable virtual machine before it reaches the user’s browser, identifying and blocking pages whose behavior is suspicio...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1506.04110 شماره
صفحات -
تاریخ انتشار 2015