Identifying and mitigating threats from embedding third-party content

Abstract

Embedding content from third parties to enrich features is a common practice in the development of modern web applications and mobile applications. Such practices can pose serious security and privacy threats to an end user, because sensitive data about a user in an application can be directly accessed by third-party content that usually operates with the same privilege as first-party content. The confidentiality and integrity of a user’s indirect data, such as a user profile, may also be compromised by such practices. This dissertation aims to identify new threats posed to end users by the practices of embedding third-party content and develop techniques to mitigate these threats. We first demonstrate how a malicious first-party application can either pollute or infer a user’s in- direct data in a third-party service or application by embedding it, and propose defense techniques to mitigate these two new classes of threats. We then study how over-privileged third-party JavaScript code accesses a user’s direct data in a web application in general through a large-scale measurement. This dissertation also aims to design mechanisms that enable end users and developers to limit the privilege of third-party content to prevent unintended behaviors. First, we present TrackMeOrNot, a client-side tracking control mechanism that allows end users to selectively opt out of third-party web tracking based on their demand. Second, we propose a fine- grained permission mechanism for web applications to restrict the privilege of third-party JavaScript code.