Presenter(s)
Jack A. Armentrout, Panchakshari N. Hiremath
Files
Download Project (1.8 MB)
Description
We introduce a novel approach to implementing a browser-based tool for web users to protect their privacy. We propose to monitor the behaviors of JavaScript code within a webpage, especially operations that can read data within a browser or can send data from a browser to outside. Our monitoring mechanism is to ensure that all detected leakage is automatically prevented by our context-aware policies that can be modified and redefined by the user. Our method advances the conventional same-origin policy standard of the Web by enforcing different policies for either each source of the code, or groups of related API. Although we develop the tool as a browser extension, our approach is browser-agnostic as it is based on standard JavaScript. Also, our method stands from existing proposals in the industry and literature. In particular, it does not rely on network request interception and blocking mechanisms provided by browsers, which face various technical issues and lead to an “all or nothing” approach to privacy on the web. We implement a proof-of-concept prototype and perform practical evaluations to demonstrate the effectiveness of our approach. Our experimental results evidence that the proposed method can detect and prevent data leakage channels not captured by the leading tools such as Ghostery and uBlock Origin. We show that our prototype is compatible with major browsers and popular real-world websites with promising runtime performance.
Publication Date
4-22-2020
Project Designation
Independent Research
Primary Advisor
Phu Huu Phung
Primary Advisor's Department
Computer Science
Keywords
Stander Symposium project, College of Arts and Sciences
United Nations Sustainable Development Goals
Industry, Innovation, and Infrastructure
Recommended Citation
"MyWebGuard: Toward a User-Oriented Tool for Security and Privacy Protection on the Web." (2020). Stander Symposium Projects. 1793.
https://ecommons.udayton.edu/stander_posters/1793
Comments
This presentation was given live via Zoom at 11:00 a.m. (Eastern Time) on Wednesday, April 22.