Identifying Extension-Based Ad Injection via Fine-Grained Web Content Provenance

Arshad, Sajjad; Kharraz, Amin; Robertson, William

doi:10.1007/978-3-319-45719-2_19

Cited by 17 publications

(13 citation statements)

References 29 publications

(22 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The potential danger of extensions has been highlighted in [195] where extensions were identified to be "the most dangerous code to user privacy" in today's browsers. Some recent works have focused on tracking the provenance of web content at the level of DOM (Document Object Model) elements [23].…”

Section: Browser Extensionsmentioning

confidence: 99%

A survey of challenges for runtime verification from advanced application domains (beyond software)

Sánchez

Schneider

Ahrendt

et al. 2019

Form Methods Syst Des

View full text Add to dashboard Cite

Runtime verification is an area of formal methods that studies the dynamic analysis of execution traces against formal specifications. Typically, the two main activities in runtime verification efforts are the process of creating monitors from specifications, and the algorithms for the evaluation of traces against the generated monitors. Other activities involve the instrumentation of the system to generate the trace and the communication between the system under analysis and the monitor.Most of the applications in runtime verification have been focused on the dynamic analysis of software, even though there are many more potential applications to other computational devices and target systems. In this paper we present a collection of challenges for runtime verification extracted from concrete application domains, focusing on the difficulties that must be overcome to tackle these specific challenges. The computational models that characterize these domains require to devise new techniques beyond the current state of the art in runtime verification.

show abstract

Section: Browser Extensionsmentioning

confidence: 99%

A survey of challenges for runtime verification from advanced application domains (beyond software)

Sánchez

Schneider

Ahrendt

et al. 2019

Form Methods Syst Des

View full text Add to dashboard Cite

show abstract

“…Reis et al [26] proposed "web tripwires," a method that allows publishers to include a verification check in their page that compares the DOM a user received with the DOM the publisher sent. Arshad et al [4] developed OriginTracer, a tool that notifies the user about which party is responsible for any modifications in a loaded page's content by tracking DOM element alterations (e.g., due to browser extensions). The same authors have developed Excision [5], an in-browser mechanism that relies on an enhanced version of the DOM tree to keep track of the relationships between the resources of a page in order to block malicious third-party content.…”

Section: B Detecting Content Alteration and Fraudulent Ad Trafficmentioning

confidence: 99%

A Large-scale Analysis of Content Modification by Open HTTP Proxies

Tsirantonakis¹,

Ilia²,

Ioannidis³

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Open HTTP proxies offer a quick and convenient solution for routing web traffic towards a destination. In contrast to more elaborate relaying systems, such as anonymity networks or VPN services, users can freely connect to an open HTTP proxy without the need to install any special software. Therefore, open HTTP proxies are an attractive option for bypassing IPbased filters and geo-location restrictions, circumventing content blocking and censorship, and in general, hiding the client's IP address when accessing a web server. Nevertheless, the consequences of routing traffic through an untrusted third party can be severe, while the operating incentives of the thousands of publicly available HTTP proxies are questionable.

show abstract

“…Extensions can be considered as the "most dangerous code in the browser" [9]. Previous research found extensions to inject or replace ads [1,10,29], causing monetary damage to content creators and, in turn, consumers. To detect privacy-invasive extensions, previous work used dynamic taint analysis to find spyware in Internet Explorer Browser Helper Objects (BHOs) [5].…”

Section: Introductionmentioning

confidence: 99%

Ex-Ray

Weissbacher

Mariconti

Suárez-Tangil

et al. 2017

Proceedings of the 33rd Annual Computer Security Applications Conference

Self Cite

View full text Add to dashboard Cite

Web browsers have become the predominant means for developing and deploying applications, and thus they often handle sensitive data such as social interactions or financial credentials and information. As a consequence, defensive measures such as TLS, the Same-Origin Policy (SOP), and Content Security Policy (CSP) are critical for ensuring that sensitive data remains in trusted hands.Browser extensions, while a useful mechanism for allowing thirdparty extensions to core browser functionality, pose a security risk in this regard since they have access to privileged browser APIs that are not necessarily restricted by the SOP or CSP. Because of this, they have become a major vector for introducing malicious code into the browser. Prior work has led to improved security models for isolating and sandboxing extensions, as well as techniques for identifying potentially malicious extensions. The area of privacy-violating browser extensions has so far been covered by manual analysis and systems performing search on specific text on network traffic. However, comprehensive content-agnostic systems for identifying tracking behavior at the network level are an area that has not yet received significant attention.In this paper, we present a dynamic technique for identifying privacy-violating extensions in Web browsers that relies solely on observations of the network traffic patterns generated by browser extensions. We then present Ex-Ray, a prototype implementation of this technique for the Chrome Web browser, and use it to evaluate all extensions from the Chrome store with more than 1,000 installations (10,691 in total). Our evaluation finds new types of tracking behavior not covered by state of the art systems. Finally, we discuss potential browser improvements to prevent abuse by future user-tracking extensions.

show abstract

Identifying Extension-Based Ad Injection via Fine-Grained Web Content Provenance

Cited by 17 publications

References 29 publications

A survey of challenges for runtime verification from advanced application domains (beyond software)

A survey of challenges for runtime verification from advanced application domains (beyond software)

A Large-scale Analysis of Content Modification by Open HTTP Proxies

Ex-Ray

Contact Info

Product

Resources

About