Users regularly enter sensitive data, such as passwords, credit card numbers, or tax information, into the browser window. While modern browsers provide powerful clientside privacy measures to protect this data, none of these defenses prevent a browser compromised by malware from stealing it. In this work, we present Fidelius, a new architecture that uses trusted hardware enclaves integrated into the browser to enable protection of user secrets during web browsing sessions, even if the entire underlying browser and OS are fully controlled by a malicious attacker.Fidelius solves many challenges involved in providing protection for browsers in a fully malicious environment, offering support for integrity and privacy for form data, JavaScript execution, XMLHttpRequests, and protected web storage, while minimizing the TCB. Moreover, interactions between the enclave and the browser, the keyboard, and the display all require new protocols, each with their own security considerations. Finally, Fidelius takes into account UI considerations to ensure a consistent and simple interface for both developers and users.As part of this project, we develop the first open source system that provides a trusted path from input and output peripherals to a hardware enclave with no reliance on additional hypervisor security assumptions. These components may be of independent interest and useful to future projects.We implement and evaluate Fidelius to measure its performance overhead, finding that Fidelius imposes acceptable overhead on page load and user interaction for secured pages and has no impact on pages and page components that do not use its enhanced security features.
No abstract
Fingerspelling receptive skills remain among the most difficult aspects of sign language for hearing people to learn due to the lack of access to practice tools that reproduce the natural motion of human signing. This problem has been exacerbated in recent years by the move from desktop to mobile technologies which has rendered prior software platforms less accessible to general users. This paper explores a web-enabled 3D rendering architecture that enables real-time fingerspelling on a human avatar that can address these issues. In addition it is capable of producing more realistic motion than prior efforts that were video-based and provides greater interactivity and customization that will support further enhancements to self-practice tools for fingerspelling reception.
Many people donate money to fund organizations, but very rarely do those donors have information about where those donations go. Donation platforms are both non-transparent and also leave a large portion of potential donors unnoticed: gamers [1]. This paper explores the concept of utilizing blockchain technology and its existence as a web3 token-based platform in order to provide transparency for donation routes, showing donors and other companies exactly where donations are coming from and where that money is going. Our application utilizes HTTP requests in order to greatly increase compatibility, and also uses multiple private key encryptions in order to ensure that any user data or information and monetary transactions are kept secure and private [2].
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.