PerfWeb: How to Violate Web Privacy with Hardware Performance Events

The browser history reveals highly sensitive information about users, such as financial status, health conditions, or political views. Private browsing modes and anonymity networks are consequently important tools to preserve the privacy not only of regular users but in particular of whistleblowers and dissidents. Yet, in this work we show how a malicious application can infer opened websites from Google Chrome in Incognito mode and from Tor Browser by exploiting hardware performance events (HPEs). In particular, we analyze the browsers' microarchitectural footprint with the help of advanced Machine Learning techniques: k-th Nearest Neighbors, Decision Trees, Support Vector Machines, and in contrast to previous literature also Convolutional Neural Networks. We profile 40 different websites, 30 of the top Alexa sites and 10 whistleblowing portals, on two machines featuring an Intel and an ARM processor. By monitoring retired instructions, cache accesses, and bus cycles for at most 5 seconds, we manage to classify the selected websites with a success rate of up to 86.3%. The results show that hardware performance events can clearly undermine the privacy of web users. We therefore propose mitigation strategies that impede our attacks and still allow legitimate use of HPEs

ADsafety: Type-Based Verification of JavaScript Sandboxing

Web sites routinely incorporate JavaScript programs from several sources into a single page. These sources must be protected from one another, which requires robust sandboxing. The many entry-points of sandboxes and the subtleties of JavaScript demand robust verification of the actual sandbox source. We use a novel type system for JavaScript to encode and verify sandboxing properties. The resulting verifier is lightweight and efficient, and operates on actual source. We demonstrate the effectiveness of our technique by applying it to ADsafe, which revealed several bugs and other weaknesses.Comment: in Proceedings of the USENIX Security Symposium (2011

Issues and Challenge towards Enhancement of Web Application Development

This paper discusses issues and challenges toward enhancement of Web application development. Firstly, the paper examines the concept of Web application and its importance to the technological development. Secondly, it reveals the problem and challenges encountered during Web application development such as difficulties in Web design, accessibility, browser compatibility, poor navigation structure, content placement, availability of various browsers, cookies, multicultural and search engines. Thirdly, it provides possible ways to overcome the challenges that affect Web application development.  These solutions include; readability, user-friendliness, good response time, efficient interaction, less color application, well-structured text layout, page structure, well organised navigation structure and considering divers cultural background of stake holders. Finally, the paper gives recommendations that assist Web application developers as well as stake holders of the IT industries. Keywords: Website, Web application, Information Technology, Web development, Enhancement, issues and Challenges.