Presentation is loading. Please wait.

Presentation is loading. Please wait.

OFFENSE PRESENTATION FOR ADJAIL Stephen Duraski and Allen Zeng.

Published byJayson Bruce Modified over 9 years ago

Similar presentations

Presentation on theme: "OFFENSE PRESENTATION FOR ADJAIL Stephen Duraski and Allen Zeng."— Presentation transcript:

1 OFFENSE PRESENTATION FOR ADJAIL Stephen Duraski and Allen Zeng

2 Motivation for Implementation? A class of rogue ads, those that involve social engineering, depend on the content of the ads. Content such as fake anti-virus scanners etc, are not actually prevented by this system, which has no controls on the content of the ad. The New York Times example

3 Difficulty for each publisher to implement This system requires a significant rewrite for the ad portion of a publisher's page. Is the time spent on the implementation worth it since any mistakes would threaten the publishers ability to make money from their site.

4 Rendering a shadow page for each ad? Every ad will need a separate shadow page with a unique URI, this increases complexity and difficulty of maintaining a site. Sites often use multiple ad networks simultaneously, AdJail would require potentially managing a large number of extra domains for proper use of the Same-Origin Policy

5 Overhead Time Paper states that rendering time is increased by 1.69% NOT an insignificant amount of time ~400ms to ~700ms for Google Ads Advertisers will not appreciate their ads being rendered slowly, and may react negatively Amazon loses 1% of sales for every 100ms delay: http://www.exp-platform.com/Documents/IEEEComputer2007OnlineExperiments.pdf Google: “Experiments demonstrate that increasing web search latency 100 to 400 ms reduces the daily number of searches per user by 0.2% to 0.6%.” http://services.google.com/fh/files/blogs/google_delayexp.pdf Google revenue dropped 20% in an experiment that slowed the page down by 0.5 seconds http://glinden.blogspot.com/2006/11/marissa-mayer-at-web-20.html

6 Usability and Scalability Issues Currently uses Regular Expressions for textual transformation Cannot possibly do this for the hundreds of existing Ad Networks o Will ultimately work for some but fail for most

7 Real - Shadow Page Communication "To facilitate voluntary communication between the two pages, we leverage the window.postMessage() browser API. postMessage() is an inter-origin frame communication mechanism that enables two collaborating frames to share data in a controlled way, even when SOP is in effect" What prevents the ads from using the same API call to send its own data?

8 What happens with bad ads? Ad contains code with "unallowed" javascript code o Gets rendered on Shadow Page - is anything communicated to the Ad Network / User that content was blocked? Does ad network get charged? o Unclear in paper

9 Evaluation Issues What test pages were used? o No examples given Parameters of tests were modified for each Ad Network such that it would work

Download ppt "OFFENSE PRESENTATION FOR ADJAIL Stephen Duraski and Allen Zeng."

Similar presentations

Web Performance Meetup 1 Web Performance 101 Jeremy

Web Performance Meetup 1 Web Performance 101 Jeremy
Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.

Presented by Vaibhav Rastogi. Current browsers try to separate host system from Web Websites evolved into web applications Lot of private data on the.
 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.

 The Citrix Application Firewall prevents security breaches, data loss, and possible unauthorized modifications to Web sites that access sensitive business.
Social Networks Systems Reading Group Jay Chen 10/25/06.

Social Networks Systems Reading Group Jay Chen 10/25/06.
Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 4: Intellectual Property.

Slides prepared by Cyndi Chie and Sarah Frye1 A Gift of Fire Third edition Sara Baase Chapter 4: Intellectual Property.
1 CS 502: Computing Methods for Digital Libraries Lecture 22 Web browsers.

1 CS 502: Computing Methods for Digital Libraries Lecture 22 Web browsers.
Workshop on Cyber Infrastructure in Combustion Science April 19-20, 2006 Subrata Bhattacharjee and Christopher Paolini Mechanical.

Workshop on Cyber Infrastructure in Combustion Science April 19-20, 2006 Subrata Bhattacharjee and Christopher Paolini Mechanical.
“IT Solutions for Tourism Industry” CAPS Workshop Yerevan April 14, 2009.

“IT Solutions for Tourism Industry” CAPS Workshop Yerevan April 14, 2009.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)

Phu H. Phung Chalmers University of Technology JSTools’ 12 June 13, 2012, Beijing, China Joint work with Lieven Desmet (KU Leuven)
Security and JavaScript. Learning Objectives By the end of this lecture, you should be able to: – Describe what is meant by JavaScript’s same-origin security.

Security and JavaScript. Learning Objectives By the end of this lecture, you should be able to: – Describe what is meant by JavaScript’s same-origin security.
1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.

1 Subspace: Secure Cross Domain Communication for Web Mashups Collin Jackson and Helen J. Wang Mamadou H. Diallo.
Performance, SEO, Accessibility Ivan Zhekov Telerik Corporation www.telerik.com.

Performance, SEO, Accessibility Ivan Zhekov Telerik Corporation
SOCIAL MEDIA OPTIMIZATION – GOOGLE ADSENSE, ANALYTICS, ADWORDS & MUCH MORE Ritesh Ambastha, iWillStudy.com.

SOCIAL MEDIA OPTIMIZATION – GOOGLE ADSENSE, ANALYTICS, ADWORDS & MUCH MORE Ritesh Ambastha, iWillStudy.com.
AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements Mike Ter Louw, Karthik Thotta Ganesh, V.N. Venkatakrishnan.

AdJail: Practical Enforcement of Confidentiality and Integrity Policies on Web Advertisements Mike Ter Louw, Karthik Thotta Ganesh, V.N. Venkatakrishnan.
CCT356: Online Advertising and Marketing Class 4: Affiliate Marketing.

CCT356: Online Advertising and Marketing Class 4: Affiliate Marketing.
Guilherme Bersani A quick look at WEB ADVERTISING.

Guilherme Bersani A quick look at WEB ADVERTISING.
1 Responsive Design Gilbane Boston 28 November 2012 --------------------------------- Peter Marsh SVP, Sales & Marketing Atex Group Ltd.

1 Responsive Design Gilbane Boston 28 November Peter Marsh SVP, Sales & Marketing Atex Group Ltd.
 Zhichun Li  The Robust and Secure Systems group at NEC Research Labs  Northwestern University  Tsinghua University 2.

 Zhichun Li  The Robust and Secure Systems group at NEC Research Labs  Northwestern University  Tsinghua University 2.
Web Design, 4 th Edition 7 Promoting and Maintaining a Web Site.

Web Design, 4 th Edition 7 Promoting and Maintaining a Web Site.

Similar presentations

Ads by Google