• Login
    View Item 
    •   SMARTech Home
    • Institute for Information Security & Privacy (IISP)
    • Institute for Information Security & Privacy Cybersecurity Lecture Series
    • View Item
    •   SMARTech Home
    • Institute for Information Security & Privacy (IISP)
    • Institute for Information Security & Privacy Cybersecurity Lecture Series
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Security and Privacy Issues of Modern Web Browsers

    Thumbnail
    View/Open
    nikiforakis.mp4 (474.6Mb)
    nikiforakis_videostream.html (985bytes)
    transcription.txt (62.87Kb)
    Date
    2017-09-22
    Author
    Nikiforakis, Nick
    Metadata
    Show full item record
    Abstract
    The modern web, as users experience it, bears little resemblance to the original world wide web invented by Tim Berners-Lee. Static, stateless, HTML pages with text and the occasional pixelated images gave way to dynamic, stateful, TLS-protected Web 2.0 pages where the expressiveness of JavaScript and the ever expansion of HTML5 APIs enable users to spend the vast majority of their time within a browser, with little need for traditional installed applications. As we keep on adding new features to modern browsers we are also invariably increasing their attack surface. In this talk, we are going to present three recent results of our group on the security and privacy of modern web browsers. On the security front, we will discuss the idiosyncrasies of mobile web browsers and show that they are vulnerable to attacks that were never an issue on traditional desktop platforms. We will present the results of analyzing over 2,000 versions of mobile browsers, spanning five years and 128 browser families, and show that mobile browsers are becoming more vulnerable to certain classes of attacks with each passing year. On the privacy front, we focus on the extension systems of modern browsers and show that browser extensions can be abused to fingerprint users against their will and identify their socioeconomic status and political inclinations. Finally, we will present our analysis of PII-leaking extensions, where we find that popular browser extensions, whether on purpose or by accident, leak a user's browsing-history to multiple third-party servers.
    URI
    http://hdl.handle.net/1853/58812
    Collections
    • Institute for Information Security & Privacy Cybersecurity Lecture Series [118]

    Browse

    All of SMARTechCommunities & CollectionsDatesAuthorsTitlesSubjectsTypesThis CollectionDatesAuthorsTitlesSubjectsTypes

    My SMARTech

    Login

    Statistics

    View Usage StatisticsView Google Analytics Statistics
    • About
    • Terms of Use
    • Contact Us
    • Emergency Information
    • Legal & Privacy Information
    • Accessibility
    • Accountability
    • Accreditation
    • Employment
    • Login
    Georgia Tech

    © Georgia Institute of Technology

    • About
    • Terms of Use
    • Contact Us
    • Emergency Information
    • Legal & Privacy Information
    • Accessibility
    • Accountability
    • Accreditation
    • Employment
    • Login
    Georgia Tech

    © Georgia Institute of Technology