Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions

Arshad, Sajjad; Kharraz, Amin; Robertson, William

doi:10.1007/978-3-662-54970-4_26

Cited by 24 publications

(31 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although jQuery is an immensely popular library, the fact that searching for "security" or "vulnerability" in the official learning centre returns "Apologies, but nothing matched your search criteria" is an excellent summary of the state of JavaScript library security on the Internet, circa August 2016. 1 A similar lack of adequate information about security issues has also been reported for the Android library ecosystem [3].…”

Section: Discussionsupporting

confidence: 53%

“…We observed that libraries included by third-party components such as advertising, tracking 1 Ember, the 50 th most popular library in ALEXA (rank 52 in COM), is a notable exception with long-term support versions, a security mailing list, CVEs for vulnerabilities, and affected versions listed in security notices. or social media widget code have a higher rate of vulnerability than other inclusions.…”

Section: Third-party Componentsmentioning

confidence: 95%

“…Implementation of Causality Trees: Our definition of causality trees is related to the concepts previously used to analyse malicious JavaScript inclusions [1] and cookie matching between online ad exchanges [5], but it differs in the details. Our implementation is independent from the aforementioned works and uses a different technological approach by building on the Chrome Debugging Protocol [8] to minimise the necessity for brittle browser source code modifications.…”

Section: Data Collectionmentioning

confidence: 99%

See 2 more Smart Citations

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

Lauinger¹,

Chaabane²,

Arshad³

et al. 2017

Proceedings 2017 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

Web developers routinely rely on third-party Java-Script libraries such as jQuery to enhance the functionality of their sites. However, if not properly maintained, such dependencies can create attack vectors allowing a site to be compromised.In this paper, we conduct the first comprehensive study of client-side JavaScript library usage and the resulting security implications across the Web. Using data from over 133 k websites, we show that 37 % of them include at least one library with a known vulnerability; the time lag behind the newest release of a library is measured in the order of years. In order to better understand why websites use so many vulnerable or outdated libraries, we track causal inclusion relationships and quantify different scenarios. We observe sites including libraries in ad hoc and often transitive ways, which can lead to different versions of the same library being loaded into the same document at the same time. Furthermore, we find that libraries included transitively, or via ad and tracking code, are more likely to be vulnerable. This demonstrates that not only website administrators, but also the dynamic architecture and developers of third-party services are to blame for the Web's poor state of library management.The results of our work underline the need for more thorough approaches to dependency management, code maintenance and third-party code inclusion on the Web.

show abstract

Section: Discussionsupporting

confidence: 53%

Section: Third-party Componentsmentioning

confidence: 95%

Section: Data Collectionmentioning

confidence: 99%

See 1 more Smart Citation

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

Lauinger¹,

Chaabane²,

Arshad³

et al. 2017

Proceedings 2017 Network and Distributed System Security Symposium

Self Cite

View full text Add to dashboard Cite

show abstract

“…The Inclusion graph corrects the technical problem of the Referer graph by using the actual inclusion relationships between domains to represent edges, rather than imprecise Referer relationships. We are able to construct Inclusion graphs, thanks to advances in browser instrumentation that allow researchers to conduct web crawls that record the exact provenance of all HTTP(S) requests [6,10,41].…”

Section: Introductionmentioning

confidence: 99%

Diffusion of User Tracking Data in the Online Advertising Ecosystem

Bashir

Wilson

2018

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Advertising and Analytics (A&A) companies have started collaborating more closely with one another due to the shift in the online advertising industry towards Real Time Bidding (RTB). One natural way to understand how user tracking data moves through this interconnected advertising ecosystem is by modeling it as a graph. In this paper, we introduce a novel graph representation, called an Inclusion graph, to model the impact of RTB on the diffusion of user tracking data in the advertising ecosystem. Through simulations on the Inclusion graph, we provide upper and lower estimates on the tracking information observed by A&A companies. We find that 52 A&A companies observe at least 91% of an average user’s browsing history under reasonable assumptions about information sharing within RTB auctions. We also evaluate the effectiveness of blocking strategies (e.g., AdBlock Plus), and find that major A&A companies still observe 40–90% of user impressions, depending on the blocking strategy.

show abstract

“…The author was also involved in a set of research papers which are not directly related to this thesis [19,20,55], and would like to thank the collaborators for producing great work in this area.…”

mentioning

confidence: 99%

Techniques and solutions for addressing ransomware attacks

Kharraz¹

View full text Add to dashboard Cite

Ransomware is a form of extortion-based attack that locks the victim's digital resources and requests money to release them. Although the concept of ransomware is not new (i.e., such attacks date back at least as far as the 1980s), this type of malware has recently experienced a resurgence in popularity. In fact, over the last few years, a number of high-prole ransomware attacks were reported. Very recently, WannaCry ransomware infected thousands of vulnerable machines around the world, and substantially disrupted critical services such as British healthcare system. Given the size and variety of threats we are facing today, having solutions to eectively detect and analyze unknown ransomware attacks seems necessary.In this thesis, we argue that it is possible to develop novel defense mechanisms, and protect user data from a large number of ransomware attacks with zero data loss. We show that such an approach is both feasible and eective. To support this claim, we investigate how a successful ransomware attack interacts with the operating system resources. In the rst part of this thesis, we perform an evolutionary-based analysis to understand the destructive behavior of these attacks. We show that by monitoring lesystem activity, it is possible to design practical defense systems that could stop a large number of ransomware attacks, even those using sophisticated encryption capabilities. In the second part, we propose a novel dynamic analysis system, called Unveil, that is designed to analyze ransomware attacks, and model their interactions with the lesystem. In the third and the last part, we propose an end-point framework, called Redemption, to protect user data from ransomware attacks. We demonstrate that our proposed solution can be retrotted into existing operating systems, and achieve zero data loss against current ransomware families without introducing alarm fatigue.5

show abstract

Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions

Cited by 24 publications

References 21 publications

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web

Diffusion of User Tracking Data in the Online Advertising Ecosystem

Techniques and solutions for addressing ransomware attacks

Contact Info

Product

Resources

About