PhD Defense by Wei Meng

Event Details
  • Date/Time:
    • Thursday July 20, 2017
      10:00 am - 12:00 pm
  • Location: Atlanta, GA
  • Fee(s):
    N/A
Summaries

Summary Sentence: Identifying and Mitigating Threats from Embedding Third-Party Content

Title: Identifying and Mitigating Threats from Embedding Third-Party Content

Wei Meng

Ph.D. Candidate

School of Computer Science

College of Computing

Georgia Institute of Technology

Date: Thursday, July 20th, 2017

Time: 10 AM - 12 PM (EDT)

Location: Klaus 3126

Committee:

------------------------

Dr. Wenke Lee (Advisor, School of Computer Science, Georgia Institute of Technology)
Dr. Mustaque Ahamad (School of Computer Science, Georgia Institute of Technology)
Dr. Taesoo Kim (School of Computer Science, Georgia Institute of Technology)
Dr. Giovanni Vigna (Department of Computer Science, University of California, Santa Barbara)
Dr. Nick Feamster (Department of Computer Science, Princeton University)

Abstract

------------------------

Embedding content from third parties to enrich features is a common practice in the development of modern web applications and mobile applications. Such practices can pose serious security and privacy threats to an end user, because sensitive data about a user in an application can be directly accessed by third-party content that usually operates with the same privilege as first-party content. The confidentiality and integrity of a user’s indirect data, such as a user profile, may also be compromised by such practices.

This dissertation aims to identify new threats posed to end users by the practice of embedding third-party content and to develop techniques to mitigate these threats. We first demonstrate how a malicious first-party application can either pollute or infer a user’s indirect data in a third-party service or application by embedding it, and propose defense techniques to mitigate these two new classes of threats. We then study, through a large-scale measurement, how over-privileged third-party JavaScript code accesses a user’s direct data in web applications in general.

This dissertation also aims to design mechanisms that enable end users and developers to limit the privilege of third-party content to prevent unintended behaviors. First, we present TrackMeOrNot, a client-side tracking control mechanism that allows end users to selectively opt out of third-party web tracking on demand. Second, we propose a fine-grained permission mechanism for web applications to restrict the privilege of third-party JavaScript code.

Additional Information

In Campus Calendar
No
Groups

Graduate Studies

Invited Audience
Public
Categories
Other/Miscellaneous
Keywords
Phd Defense
Status
  • Created By: Tatianna Richardson
  • Workflow Status: Published
  • Created On: Jul 17, 2017 - 2:12pm
  • Last Updated: Jul 17, 2017 - 2:12pm