OFFENSE PRESENTATION FOR ADJAIL Stephen Duraski and Allen Zeng.
Presentation transcript:

Motivation for implementation?
- A class of rogue ads, those that rely on social engineering, depends on the content of the ad rather than on what the ad's script is allowed to do.
- Content such as fake anti-virus scanners is not prevented by this system, which imposes no controls on the content of the ad.
- The rogue anti-virus ad served through The New York Times (2009) is the example here.

Difficulty for each publisher to implement
- The system requires a significant rewrite of the ad-serving portion of a publisher's page.
- Is the time spent on the implementation worth it, given that any mistake threatens the publisher's ability to earn revenue from the site?

Rendering a shadow page for each ad?
- Every ad needs a separate shadow page served from its own origin (a distinct subdomain), which increases the complexity and the difficulty of maintaining a site.
- Sites often use multiple ad networks simultaneously; AdJail would require managing a potentially large number of extra domains so that the Same-Origin Policy actually isolates each ad.

Overhead time
- The paper states that rendering time is increased by 1.69%.
- In absolute terms this is not an insignificant amount of time: roughly 400 ms to 700 ms for Google ads.
- Advertisers will not appreciate their ads being rendered slowly and may react negatively.
- Amazon loses 1% of sales for every 100 ms of delay.
- Google: "Experiments demonstrate that increasing web search latency 100 to 400 ms reduces the daily number of searches per user by 0.2% to 0.6%."
- In a Google experiment that slowed the results page down by 0.5 seconds, traffic dropped 20%.

Usability and scalability issues
- The prototype currently relies on regular expressions for the textual transformation of ad-network scripts.
- That cannot possibly be done for the hundreds of existing ad networks.
  o It will ultimately work for some networks but fail for most.

Real-page to shadow-page communication
- From the paper: "To facilitate voluntary communication between the two pages, we leverage the window.postMessage() browser API. postMessage() is an inter-origin frame communication mechanism that enables two collaborating frames to share data in a controlled way, even when SOP is in effect"
- What prevents the ad from using the same API call to send its own data to the real page?
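As an added example (not AdJail's code and not from the slides), one way the real page can answer the question above: nothing stops ad code running in the shadow page from calling postMessage() itself, so the real page must treat every message as untrusted. It checks event.origin against the registered shadow-page origins (one distinct subdomain per ad, which is what the previous slide objects to), parses the payload as data rather than code, and applies only the operations the per-ad policy permits, so a forged message can do no more than a legitimate one. The origins, slot ids and policy fields below are assumptions for illustration.

```javascript
'use strict';

// Added example, not AdJail's code. Hypothetical per-ad policy: each ad is
// confined to its own shadow origin (a separate subdomain so SOP isolates
// it) and a whitelist of effects it may have on the real page.
const AD_POLICY = {
  'https://ad1.shadow.example.net': { slot: 'ad-slot-1', maxHeight: 250, allowResize: true },
  'https://ad2.shadow.example.net': { slot: 'ad-slot-2', maxHeight: 90,  allowResize: false },
};

// Validate one message from a shadow page. Returns a decision object
// instead of touching the DOM so the logic can be exercised without a browser.
// event is the browser MessageEvent shape: { origin, data, source }.
function handleShadowMessage(event, policy = AD_POLICY) {
  // Step 1: the origin must be a registered shadow page. hasOwnProperty
  // avoids matching inherited names such as "constructor".
  if (!Object.prototype.hasOwnProperty.call(policy, String(event.origin))) {
    return { ok: false, reason: 'origin is not a registered shadow page: ' + String(event.origin) };
  }
  const rule = policy[event.origin];

  // Step 2: parse the payload as structured data; never eval or innerHTML it.
  let msg;
  try {
    msg = typeof event.data === 'string' ? JSON.parse(event.data) : event.data;
  } catch (e) {
    return { ok: false, reason: 'malformed JSON payload' };
  }
  if (!msg || typeof msg !== 'object') {
    return { ok: false, reason: 'payload is not an object' };
  }

  // Step 3: only policy-listed operations, with every parameter bounded.
  switch (msg.type) {
    case 'resize': {
      if (!rule.allowResize) return { ok: false, reason: 'resize not permitted for ' + rule.slot };
      const h = Number(msg.height);
      if (!Number.isInteger(h) || h < 0 || h > rule.maxHeight) {
        return { ok: false, reason: 'height outside policy range' };
      }
      return { ok: true, action: { op: 'resize', slot: rule.slot, height: h } };
    }
    case 'click-through': {
      let url;
      try { url = new URL(String(msg.url)); } catch (e) { return { ok: false, reason: 'invalid url' }; }
      // Rejects javascript:, data: and plain http: targets.
      if (url.protocol !== 'https:') return { ok: false, reason: 'only https navigation is allowed' };
      return { ok: true, action: { op: 'navigate', slot: rule.slot, url: url.href } };
    }
    default:
      return { ok: false, reason: 'operation not in policy: ' + String(msg.type) };
  }
}

// Browser wiring (only runs where a window exists). The reply is pinned to
// the origin that was validated, never to "*".
if (typeof window !== 'undefined' && typeof window.addEventListener === 'function') {
  window.addEventListener('message', (event) => {
    const decision = handleShadowMessage(event);
    if (decision.ok && decision.action.op === 'resize') {
      const el = document.getElementById(decision.action.slot);
      if (el) el.style.height = decision.action.height + 'px';
    }
    if (event.source && typeof event.source.postMessage === 'function') {
      event.source.postMessage(JSON.stringify(decision), event.origin);
    }
  });
}

if (typeof module !== 'undefined') module.exports = { handleShadowMessage, AD_POLICY };
```

The design point: the check is on the receiving side, not on who can call postMessage(). Ad code in the shadow page shares that page's origin, so it can always send; what bounds the damage is that the real page accepts only a known origin, a parsable schema and policy-bounded parameters.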

What happens with bad ads?
- An ad contains JavaScript that the policy does not allow.
  o It is rendered on the shadow page; is anything communicated to the ad network or the user that content was blocked?
  o Does the ad network still get charged?
  o Unclear in the paper.

Evaluation issues
- What test pages were used?
  o No examples are given.
- The parameters of the tests were modified for each ad network so that it would work.