1,449 research outputs found

    Exploiting Split Browsers for Efficiently Protecting User Data

    Offloading complex tasks to a resource-abundant environment like the cloud can extend the capabilities of resource-constrained mobile devices, extend battery life, and improve user experience. Split browsing is a new paradigm that adopts this strategy to improve web browsing on devices like smartphones and tablets. Split browsers offload computation to the cloud by design; they are composed of two parts, one running on the thin client and one in the cloud. Rendering takes place primarily in the latter, while a bitmap or a simplified web page is communicated to the client. Despite its difference from traditional web browsing, split browsing still suffers from the same types of threats, such as cross-site scripting. In this paper, we propose exploiting the design of split browsers to also utilize cloud resources for protecting against various threats efficiently. We begin by systematically studying split browsing architectures, and then proceed to propose two solutions, in parallel and inline cloning, that exploit the inherent features of this new browsing paradigm to accurately and efficiently protect user data against common web exploits. Our preliminary results suggest that our framework can be efficiently applied to Amazon’s Silk, the most widely deployed split browser at the time of writing.

    PerfWeb: How to Violate Web Privacy with Hardware Performance Events

    The browser history reveals highly sensitive information about users, such as financial status, health conditions, or political views. Private browsing modes and anonymity networks are consequently important tools to preserve the privacy not only of regular users but in particular of whistleblowers and dissidents. Yet, in this work we show how a malicious application can infer opened websites from Google Chrome in Incognito mode and from Tor Browser by exploiting hardware performance events (HPEs). In particular, we analyze the browsers' microarchitectural footprint with the help of advanced Machine Learning techniques: k-th Nearest Neighbors, Decision Trees, Support Vector Machines, and in contrast to previous literature also Convolutional Neural Networks. We profile 40 different websites, 30 of the top Alexa sites and 10 whistleblowing portals, on two machines featuring an Intel and an ARM processor. By monitoring retired instructions, cache accesses, and bus cycles for at most 5 seconds, we manage to classify the selected websites with a success rate of up to 86.3%. The results show that hardware performance events can clearly undermine the privacy of web users. We therefore propose mitigation strategies that impede our attacks and still allow legitimate use of HPEs.

    Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning

    The secret keys of critical network authorities - such as time, name, certificate, and software update services - represent high-value targets for hackers, criminals, and spy agencies wishing to use these keys secretly to compromise other hosts. To protect authorities and their clients proactively from undetected exploits and misuse, we introduce CoSi, a scalable witness cosigning protocol ensuring that every authoritative statement is validated and publicly logged by a diverse group of witnesses before any client will accept it. A statement S collectively signed by W witnesses assures clients that S has been seen, and not immediately found erroneous, by those W observers. Even if S is compromised in a fashion not readily detectable by the witnesses, CoSi still guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to risk that the compromise will soon be detected by one of the W witnesses. Because clients can verify collective signatures efficiently without communication, CoSi protects clients' privacy, and offers the first transparency mechanism effective against persistent man-in-the-middle attackers who control a victim's Internet access, the authority's secret key, and several witnesses' secret keys. CoSi builds on existing cryptographic multisignature methods, scaling them to support thousands of witnesses via signature aggregation over efficient communication trees. A working prototype demonstrates CoSi in the context of timestamping and logging authorities, enabling groups of over 8,000 distributed witnesses to cosign authoritative statements in under two seconds. Comment: 20 pages, 7 figures.

    A Survey of Techniques for Improving Security of GPUs

    Graphics processing unit (GPU), although a powerful performance-booster, also has many security vulnerabilities. Due to these, the GPU can act as a safe-haven for stealthy malware and the weakest 'link' in the security 'chain'. In this paper, we present a survey of techniques for analyzing and improving GPU security. We classify the works on key attributes to highlight their similarities and differences. More than informing users and researchers about GPU security techniques, this survey aims to increase their awareness about GPU security vulnerabilities and potential countermeasures.

    CYCLOSA: Decentralizing Private Web Search Through SGX-Based Browser Extensions

    By regularly querying Web search engines, users (unconsciously) disclose large amounts of their personal data as part of their search queries, among which some might reveal sensitive information (e.g. health issues, sexual, political or religious preferences). Several solutions exist to allow users to query search engines while improving privacy protection. However, these solutions suffer from a number of limitations: some are subject to user re-identification attacks, while others lack scalability or are unable to provide accurate results. This paper presents CYCLOSA, a secure, scalable and accurate private Web search solution. CYCLOSA improves security by relying on trusted execution environments (TEEs) as provided by Intel SGX. Further, CYCLOSA proposes a novel adaptive privacy protection solution that reduces the risk of user re-identification. CYCLOSA sends fake queries to the search engine and dynamically adapts their count according to the sensitivity of the user query. In addition, CYCLOSA meets scalability as it is fully decentralized, spreading the load for distributing fake queries among other nodes. Finally, CYCLOSA achieves accuracy of Web search as it handles the real query and the fake queries separately, in contrast to other existing solutions that mix fake and real query results.

    AutoNav: Evaluation and Automatization of Web Navigation Policies

    Undesired navigation in browsers powers a significant class of attacks on web applications. In a move to mitigate risks associated with undesired navigation, the security community has proposed a standard that gives control to web pages to restrict navigation. The standard draft introduces a new navigate-to directive of the Content Security Policy (CSP). The directive is currently being implemented by mainstream browsers. This paper is a first evaluation of navigate-to, focusing on security, performance, and automatization of navigation policies. We present new vulnerabilities introduced by the directive into the web ecosystem, opening up for attacks such as probing to detect if users are logged in to other websites or have active shopping carts, bypassing third-party cookie blocking, exfiltrating secrets, as well as leaking browsing history. Unfortunately, the directive triggers vulnerabilities even in websites that do not use the directive in their policies. We identify both specification- and implementation-level vulnerabilities and propose countermeasures to mitigate both. To aid developers in configuring navigation policies, we develop and implement AutoNav, an automated black-box mechanism to infer navigation policies. AutoNav leverages the benefits of origin-wide policies in order to improve security without degrading performance. We evaluate the viability of navigate-to and AutoNav by an empirical study on Alexa's top 10,000 websites.

    Eristämismekanismeja selainpohjaisille ohjelmistoarkkitehtuureille (Isolation Mechanisms for Browser-Based Software Architectures)

    Traditional backend-oriented web applications are increasingly being replaced by frontend applications, which execute directly in the user's browser. Web application performance has been shown to directly affect business performance, and frontend applications enable unique performance improvements. However, building complex applications within the browser is still a new and poorly understood field, and engineering efforts within the field are often plagued by quality issues. This thesis addresses the current research gap around frontend applications, by investigating the applicability of isolation mechanisms available in browsers to frontend application architecture. We review the important publications around the topic, forming an overview of current research, and current best practices in the field. We use this understanding, combined with relevant industry experience, to categorize the available isolation mechanisms to four classes: state and variable isolation, isolation from the DOM, isolation within the DOM, and execution isolation. For each class, we provide background and concrete examples on both the related quality issues, as well as tools for their mitigation. Finally, we use the ISO 25010 quality standard to evaluate the impact of these isolation mechanisms on frontend application quality. Our results suggest that the application of the previously introduced isolation mechanisms has the potential to significantly improve several key areas of frontend application quality, most importantly compatibility and maintainability, but also performance and security. Many of these mechanisms also imply tradeoffs between other quality attributes, most commonly performance. Future work could include developing frontend application architectures that leverage these isolation mechanisms to their full potential.

    An Interactive WebGIS Framework for Coastal Erosion Risk Management

    The Italian coastline stretches over about 8350 km, with 3600 km of beaches, representing a significant resource for the country. Natural processes and anthropic interventions keep threatening its morphology, moulding its shape and triggering soil erosion phenomena. Thus, many scholars have been focusing their work on investigating and monitoring shoreline instability. Outcomes of such activities can be largely widespread and shared with expert and non-expert users through Web mapping. This paper describes the performances of a WebGIS prototype designed to disseminate the results of the Italian project Innovative Strategies for the Monitoring and Analysis of Erosion Risk, known as the STIMARE project. While aiming to include the entire national coastline, three study areas along the regional coasts of Puglia and Emilia Romagna have already been implemented as pilot cases. This WebGIS was generated using Free and Open-Source Software for Geographic information systems (FOSS4G). The platform was designed by combining Apache HTTP Server, GeoServer as open-source server, and PostgreSQL (with PostGIS extension) as database. Pure JavaScript libraries OpenLayers and Cesium were implemented to obtain a hybrid 2D and 3D visualization. A user-friendly interactive interface was programmed to help users visualize and download geospatial data in several formats (pdf, kml and shp), in accordance with the European INSPIRE directives, satisfying both multi-temporal and multi-scale perspectives. © 2021 by the authors. Licensee MDPI, Basel, Switzerland.