{"674217":{"#nid":"674217","#data":{"type":"event","title":"PhD Proposal by Qinge Xie","body":[{"value":"\u003Cp\u003E\u003Cstrong\u003ETitle\u003C\/strong\u003E: Building Empirically-Driven Solutions for Enhancing Security and Privacy of Popular Internet Services\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EQinge Xie\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EPh.D. student\u003C\/p\u003E\r\n\r\n\u003Cp\u003ESchool of Cybersecurity and Privacy\u003C\/p\u003E\r\n\r\n\u003Cp\u003EGeorgia Institute of Technology\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EDate\u003C\/strong\u003E: Wednesday, May 1st, 2024\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003ETime\u003C\/strong\u003E: 1:00 pm - 2:00 pm EST\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003ELocation\u003C\/strong\u003E:\u0026nbsp;Coda C0903 Ansley\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EZoom:\u0026nbsp; \u003C\/strong\u003E\u003Ca href=\u0022https:\/\/gatech.zoom.us\/j\/97700528530\u0022 title=\u0022https:\/\/gatech.zoom.us\/j\/97700528530\u0022\u003Ehttps:\/\/gatech.zoom.us\/j\/97700528530\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003ECommittee\u003C\/strong\u003E:\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDr. Frank Li (advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDr. Cecilia Testart, School of Cybersecurity and Privacy, Georgia Institute of Technology\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EDr. Alberto Dainotti, School of Computer Science, Georgia Institute of Technology\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003EAbstract:\u003C\/strong\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003EVarious popular Internet services, ranging from websites to browser extensions to even research-based resources such as domain top lists, offer useful functionalities to a diverse set of Internet users. While these services have become crucial components of the Internet ecosystem, they still exhibit undesirable properties in practice, which may result in users exposing themselves to security and privacy risks, and inhibit their appropriate usage in security and privacy research. This avenue of problems has not gone unnoticed and prior work has proposed solutions for better securing these Internet services. However, in my work, we have identified critical limitations in prior solutions. My work aims to use real-world measurements to empirically inform the design of practical and effective solutions for enhancing security and privacy of such popular Internet services.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EI will first discuss domain top lists, which are critical services widely used by the Internet security and privacy research communities and industries. However, existing top lists exhibit numerous undesirable properties, including a lack of transparency, high volatility, and easy manipulation. Despite these security concerns, they continue to be widely used as there remain no viable alternatives. To build a robust top list solution, we empirically investigated different list design considerations using a real-world passive DNS dataset. We produced a voting-based top list that demonstrates better stability and manipulation resistance than existing ones. As a follow-up work, we also conducted an empirical evaluation of real-world top list use by monitoring the incoming traffic of top domains. Our findings inform the design and deployment of top lists to enhance security and privacy in their use.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003ENext, I will discuss browser extensions, widely used to enhance user browser experiences but which exhibit undesirable privacy controls. Prior solutions for detecting privacy risks from extensions have explored certain privacy-invasive behavior but overlooked the user contents of web pages, which often contains the richest user data. Furthermore, some solutions are no longer functional due to significant changes with both the Chromium and extension platform design. Thus, informed by our empirical investigation of modern-day extensions, Chromium, and web standards, we developed a new dynamic browser taint tracking system to monitor sensitive user content across web pages and extensions. We empirically evaluated all functional Chrome extensions and observed privacy risks in over 3K extensions. Our system serves as a tool for the extension vetting process, detecting extensions that pose significant privacy risks before they are deployed to users.\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EFinally, I will discuss my ongoing work in building a solution to automatically analyze website privacy policies and effectively detect inconsistencies between the user data collection and third-party data sharing described in policies and the actual behavior of websites. I will briefly discuss my progress in collecting privacy policy data and exploring automated methods for analyzing privacy policies.\u0026nbsp;\u003C\/p\u003E\r\n","summary":"","format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EBuilding Empirically-Driven Solutions for Enhancing Security and Privacy of Popular Internet Services\u003C\/p\u003E\r\n","format":"limited_html"}],"field_summary_sentence":[{"value":"Building Empirically-Driven Solutions for Enhancing Security and Privacy of Popular Internet Services"}],"uid":"27707","created_gmt":"2024-04-16 18:51:40","changed_gmt":"2024-04-16 18:52:10","author":"Tatianna Richardson","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2024-05-01T13:00:00-04:00","event_time_end":"2024-05-01T14:00:00-04:00","event_time_end_last":"2024-05-01T14:00:00-04:00","gmt_time_start":"2024-05-01 17:00:00","gmt_time_end":"2024-05-01 18:00:00","gmt_time_end_last":"2024-05-01 18:00:00","rrule":null,"timezone":"America\/New_York"},"location":"Coda C0903 Ansley","extras":[],"groups":[{"id":"221981","name":"Graduate Studies"}],"categories":[],"keywords":[{"id":"102851","name":"Phd proposal"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1788","name":"Other\/Miscellaneous"}],"invited_audience":[{"id":"78771","name":"Public"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":[],"slides":[],"orientation":[],"userdata":""}}}