Presenter(s)

Jack A. Armentrout, Panchakshari N. Hiremath

Comments

This presentation was given live via Zoom at 11:00 a.m. (Eastern Time) on Wednesday, April 22.

Download

Download Project (1.8 MB)

Description

We introduce a novel approach to implementing a browser-based tool for web users to protect their privacy. We propose to monitor the behaviors of JavaScript code within a webpage, especially operations that can read data within a browser or can send data from a browser to outside. Our monitoring mechanism is to ensure that all detected leakage is automatically prevented by our context-aware policies that can be modified and redefined by the user. Our method advances the conventional same-origin policy standard of the Web by enforcing different policies for either each source of the code, or groups of related API. Although we develop the tool as a browser extension, our approach is browser-agnostic as it is based on standard JavaScript. Also, our method stands from existing proposals in the industry and literature. In particular, it does not rely on network request interception and blocking mechanisms provided by browsers, which face various technical issues and lead to an “all or nothing” approach to privacy on the web. We implement a proof-of-concept prototype and perform practical evaluations to demonstrate the effectiveness of our approach. Our experimental results evidence that the proposed method can detect and prevent data leakage channels not captured by the leading tools such as Ghostery and uBlock Origin. We show that our prototype is compatible with major browsers and popular real-world websites with promising runtime performance.

Publication Date

4-22-2020

Project Designation

Independent Research

Primary Advisor

Phu Huu Phung

Primary Advisor's Department

Computer Science

Keywords

Stander Symposium project, College of Arts and Sciences

United Nations Sustainable Development Goals

Industry, Innovation, and Infrastructure

MyWebGuard: Toward a User-Oriented Tool for Security and Privacy Protection on the Web.

Share

COinS