AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements
Authors
Abstract
Web publishers frequently integrate third-party advertisements into web pages that also contain sensitive publisher data and end-user personal data. This practice exposes sensitive page content to confidentiality and integrity attacks launched by advertisements. In this paper, we propose a novel framework for addressing security threats posed by third-party advertisements. The heart of our framework is an innovative isolation mechanism that enables publishers to transparently interpose between advertisements and end users. The mechanism supports fine-grained policy specification and enforcement, and does not affect the user experience of interactive ads. Evaluation of our framework suggests compatibility with several mainstream ad networks, security from many threats from advertisements and acceptable performance overheads.
Similar resources
SIF: Enforcing Confidentiality and Integrity in Web Applications
SIF (Servlet Information Flow) is a novel software framework for building high-assurance web applications, using language-based information-flow control to enforce security. Explicit, end-to-end confidentiality and integrity policies can be given either as compile-time program annotations, or as run-time user requirements. Compile-time and run-time checking efficiently enforce these policies. I...
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
Reactive non-interference for the browser: extended version
Given a partially ordered set (poset) of security levels, and a labelling of inputs and outputs with such levels, non-interference (or secure information flow) is a security property expressing that outputs of level l only depend on inputs that are labelled with a level smaller than l. In other words, there is no information flow from high (confidential) levels, to low (public) levels. For web ...
Automatic policy enforcement on semantic social data
Web-based data collection of non-reactive data is becoming increasingly important for many social science fields. Being able to introduce and automatically enforce policies that regulate the collection and the use of those data is crucial for taking into account the privacy and confidentiality wishes of data providers. Those policies are currently expressed in natural language or in a language ...
Policy Enforcement Framework for Cloud Data Management
Cloud computing is a major emerging technology that is significantly changing industrial computing paradigms and business practices. However, security and privacy concerns have arisen as obstacles to widespread adoption of clouds by users. While much cloud security research focuses on enforcing standard access control policies typical of centralized systems, such policies often prove inadequate...