PhD Proposal by Wei Meng

Event Details
  • Date/Time:
    • Thursday December 15, 2016
      1:00 pm - 3:00 pm
  • Location: Klaus 3126
  • Phone:
  • URL:
  • Email:
  • Fee(s):
    N/A
  • Extras:
Contact
No contact information submitted.
Summaries

Summary Sentence: Identifying and Mitigating Threats from Embedding Third-Party Content

Full Summary: No summary paragraph submitted.

Title: Identifying and Mitigating Threats from Embedding Third-Party Content

 

Wei Meng

Ph.D. student

School of Computer Science

College of Computing

Georgia Institute of Technology

 

Date: Thursday, December 15th, 2016

Time: 1 PM - 3 PM (EST)

Location: Klaus 3126

 

Committee:

------------------------

Dr. Wenke Lee (Advisor, School of Computer Science, Georgia Institute of Technology) Dr. Giovanni Vigna (Department of Computer Science, University of California, Santa Barbara) Dr. Mustaque Ahamad (School of Computer Science, Georgia Institute of Technology)

 

Abstract

------------------------

Embedding content from third parties to enrich features is a common practice in the development of modern web applications and mobile applications. Such practices can pose very serious security and privacy threats, because third-party content usually operates with the same privilege as first-party content and is not well isolated. Some threats are not previously known because of the uses of emerging technologies such as tracking, profiling and personalization.

 

This thesis has identified two new classes of threats caused by malicious first-party applications that embed third-party content, and proposed defense techniques to mitigate these threats. In particular, we show that the personalization systems of popular websites can be abused by a malicious publisher to pollute a user’s profile. In addition, we demonstrate that a malicious Android application can infer a user’s profile that is already learned by third-party ad networks.

 

This thesis also aims to design mechanisms that enable end-users and developers to limit the privileges of third-party content to prevent unintended behaviors. First, this thesis presents TrackMeOrNot, a client-side anti-tracking mechanism that allows end-users to selectively opt out of third-party web tracking based on their demand and cloak their privacy sensitive browsing activities. Second, we plan to design and implement a new permission mechanism for web applications to address the limitations of existing web permission mechanisms, which offer only all-or-nothing restriction.

 

Additional Information

In Campus Calendar
No
Groups

Graduate Studies

Invited Audience
Public
Categories
Other/Miscellaneous
Keywords
Phd proposal
Status
  • Created By: Tatianna Richardson
  • Workflow Status: Published
  • Created On: Dec 7, 2016 - 4:30pm
  • Last Updated: Dec 7, 2016 - 4:30pm