A Novel Approach for User-Centric Privacy Protection on the Web

Date of Award

2023

Degree Name

M.C.S. (Master of Computer Science)

Department

Department of Computer Science

Advisor/Chair

Phu Phung

Abstract

Web-based applications run within web browsers and interact with a wide range of user-provided data. Web applications gain their dynamic nature from web scripts, particularly JavaScript, which accesses this data through browser APIs. Unfortunately, a significant number of web-based attacks compromising user security and privacy have been discovered over the past decade. Attackers can exploit scripting languages and other web attack techniques, such as cross-site scripting, to steal personal information. In addition, many websites utilize third-party JavaScript without thoroughly checking the code or scanning for vulnerabilities. The third-party code can exploit security weaknesses, resulting in unauthorized user information acquisition, such as user cookies and session data. In this thesis, we have developed a framework incorporating various policy categories to address the above mentioned issues. We have implemented a policy engine to enforce these regulations and provided users with a graphical interface to customize these policies according to their needs. Our experiments have demonstrated that this framework empowers end-users to modify rules and regulate the utilization of device resources. Through our policy enforcement engine, we effectively prevent simulated attack scenarios, thus safeguarding device resources and protecting user privacy.

Keywords

User-centric privacy, protection on the web, Policy engine, Modify policies, Browser Extension

Rights Statement

Copyright © 2023, Author

Link to Full Text

Share

COinS