Presentation is loading. Please wait.

Presentation is loading. Please wait.

Empowering Browser Security for Mobile Devices Using Smart CDNs Ben Livshits and David Molnar Microsoft Research 1.

Published byRegan Symonds Modified over 9 years ago

Similar presentations

Presentation on theme: "Empowering Browser Security for Mobile Devices Using Smart CDNs Ben Livshits and David Molnar Microsoft Research 1."— Presentation transcript:

1 Empowering Browser Security for Mobile Devices Using Smart CDNs Ben Livshits and David Molnar Microsoft Research 1

2 Mobile Web Growth 2

3 US Mobile Web Growth 3

4 Opera Mobile Study 4 http://www.opera.com/media/smw/2009/pdf/smw032009.pdf

5 Research in Desktop Browser Security 5 Nozzle [UsenixSec’09] NativeClient/XAX [Oakland’09/OSDI’08] XSS filters/ worm filters StackGuard/HeapGuard [UsenixSec’01/] ConScript [Oakland’10]

6 Mobile: Difficulties of Adoption 6 http://developer.android.com/resources/dashboard/platform-versions.html

7 CDNs are Growing 7

8 Consequence: Fat Middle Tier 8 Rise of “smart CDN” (sCDN) What does this mean for security?

9 Two Research Directions What if the middle tier is not trustworthy? What new security services can we provide? 9

10 Two Research Directions What if the middle tier is not trustworthy? What new security services can we provide? 10 Let’s do the easiest one first…

11 Example Service: Nozzle in Mobile Nozzle is a heap spraying prevention system that protects desktop browsers [UsenixSec’09] How to deploy Nozzle on mobile browsers? Software updates on all handsets..? Same problem for any browser based mitigation – StackGuard, RandomHeap, your paper at W2SP20XX… 11

12 Example Service: Nozzle in Mobile 12 Run Nozzle in sCDN! Catch heap sprays, pre-render benign pages, ship renders to mobile.

13 More sCDN Security Services Real Time phish tracking – “Why is everyone suddenly going to whuffo.com?” URL reputation – “15 other people were owned by this URL” XSS filters Fuzz testing seeded with real traces 13

14 Untrustworthy Infrastructure? Multiple vendors – Linksys, Cisco, Akamai, Limelight, … Multiple operators – Comcast, Sprint, AT&T, T-Mobile, Joe Sixpack, … Multiple web applications How do these parties work together? What about privacy? 14

15 Two Research Directions What if the middle tier is not trustworthy? What new security services can we provide? 15

Download ppt "Empowering Browser Security for Mobile Devices Using Smart CDNs Ben Livshits and David Molnar Microsoft Research 1."

Similar presentations

Process Improvement Analysis and Reporting APPLICATIONS TOOLS COMPONENTS CONSULTING.

Process Improvement Analysis and Reporting APPLICATIONS TOOLS COMPONENTS CONSULTING.
RePri v Ben Livshits RISE Microsoft Research. users want a highly personaliz ed web experience.

RePri v Ben Livshits RISE Microsoft Research. users want a highly personaliz ed web experience.
Web browsers It’s a software application for retrieving and presenting information on WWW. An information resource is identified by a Uniform Resource.

Web browsers It’s a software application for retrieving and presenting information on WWW. An information resource is identified by a Uniform Resource.
Finding Malware on a Web Scale Ben Livshits Microsoft Research Redmond, WA.

Finding Malware on a Web Scale Ben Livshits Microsoft Research Redmond, WA.
Nozzle: A Defense Against Heap-spraying Code Injection Attacks Paruj Ratanaworabhan, Cornell University Ben Livshits and Ben Zorn, Microsoft Research (Redmond,

Nozzle: A Defense Against Heap-spraying Code Injection Attacks Paruj Ratanaworabhan, Cornell University Ben Livshits and Ben Zorn, Microsoft Research (Redmond,
You can run that from a USB Drive ? Portable Applications: the good, the bad and the ugly Jeff Gimbel © 2007.

You can run that from a USB Drive ? Portable Applications: the good, the bad and the ugly Jeff Gimbel © 2007.
Multiple Tiers in Action

Multiple Tiers in Action
Computer Software Applications By YOUR NAME in YOUR TUTOR GROUP.

Computer Software Applications By YOUR NAME in YOUR TUTOR GROUP.
Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.

Introducing Quick Heal Endpoint Security 5.3. “Quick Heal Endpoint Security 5.3 is designed to provide simple, intuitive centralized management and control.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.

Trend Micro Deployment Kelvin Hwang IT Services University of Windsor.
Security Difficulties of E-Learning in Cloud Computing

Security Difficulties of E-Learning in Cloud Computing
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
DLT (Quote Engine) Home Home CRM Quote Engine WebSite.

DLT (Quote Engine) Home Home CRM Quote Engine WebSite.
Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.

Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.
Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.

Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.
{ Parental Controls What the different services do to give you control.

{ Parental Controls What the different services do to give you control.
©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.

©2012 Check Point Software Technologies Ltd. | [Confidential] For Check Point users and approved third parties Building Your Security Strategy with 3D.
Gulfstream Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research Staged Static Analysis for Streaming JavaScript Applications.

Gulfstream Salvatore Guarnieri University of Washington Ben Livshits Microsoft Research Staged Static Analysis for Streaming JavaScript Applications.
GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.

GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.

Similar presentations

Ads by Google