Upload File

understanding and monitoring embedded web scripts yuchen zhou, david evans, university of virginia...

  • Home
  • Documents
  • Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO
21
Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Upload: damian-west

Post on 17-Jan-2016

217 views

Category:

Documents


1 download

Report

Tags:

TRANSCRIPT

Page 1: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Understanding and Monitoring Embedded Web

ScriptsYuchen Zhou, David Evans, University of Virginia

PRESENT BY ZEYI TAO

Page 2: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Introduction

Page 3: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Example: New York Times Website 

Page 4: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Related Work

Client-side script protections.

Script transformations.

Policy generation.

Page 5: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Motivation

Introduces tools to assist site administrators in understanding, monitoring, and restricting the behavior of third-party scripts embedded

in their site.

Page 6: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

OVERVIEW Introduction & Pervious Works

Motivation

Design

Policing

Inspecting Script Behavior

Visualizing

More Design Details

Developing Base Polices

Developing Site-Specific Polices

Police Evaluations

Conclusions & Quizzes

Page 7: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

BASIC DESIGN

Page 8: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

BASIC DESIGN

Page 9: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Document Object Model(DOM)

Page 10: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

POLICIES

Page 11: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Node Descriptor

AbsoluteXPath: /HTML[1]/BODY[1]/DIV[1]/

SelectorXPath: // DIV[@class=‘ad’] Regular Expression Xpath //DIV[@ID=‘adSize−\d∗x\d∗’] ^NodeSelector ˆˆ// DIV[@ID=‘adPos’] // DIV[@ID=‘adPos’]/DIV[2]

Page 12: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

INSPECTING SCRIPT BEHAVIOR

Recording accesses

Checking policies

DOM access recording

Recording other actions

Script-injected nodes

Attribution

Page 13: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

VISUALIZATION

Page 14: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

FINDINGS

Browser properties

Network

Modifying page content

Reading page content

Page 15: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

DEVELOPING BASE POLICIES

Evaluation method

Base policy examples

Analytics scripts

Advertisements

Social widgets

Web development

25 selected scripts, 1000 highest ranked websites

Page 16: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Analytics scripts

Page 17: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

DEVELOPING SITE-SPECIFIC POLICIES

PolicyGenerator

Site-specific policy examples

Page 18: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

POLICY EVALUATION

Policy size

Page 19: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

POLICY EVALUATION

Policy robustness

Page 20: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

ConclusionScriptInspector

Visualizer

PolicyGenerator

Threat model

Capable of intercepting and recording API calls from third-party scripts to critical resources, including the DOM, local storage, and network

Firefox extension that uses the instrumented DOM maintained by ScriptInspector to highlight nodes accessed by third-party scripts and help a site administrator understand script behaviors.

PolicyGenerator to help site administrators develop effective policies with limited human intervention

Provide site administrators with a way to ensure the integrity of their site and protect the privacy of their users from embedded scripts

Page 21: Understanding and Monitoring Embedded Web Scripts Yuchen Zhou, David Evans, University of Virginia PRESENT BY ZEYI TAO

Quizzes

What are the 4 major Script groups based on this paper

What is the limitation of this system?

What is the DOM?


Yuchen Ding_Design Portfolio

Catching Pitfalls in Authentication Implementations (Yuchen Zhou)

Global Sparse Momentum SGD for Pruning Very Deep Neural ... · Global Sparse Momentum SGD for Pruning Very Deep Neural Networks Xiaohan Ding 1Guiguang Ding Xiangxin Zhou 2 Yuchen

Zhou Cheng

SJTU Zhou Lingling1 Introduction to Electronics Zhou Lingling

Xia, Shang, Zhou Dynasties - Mr. Brown's Webpageheritagesocialstudies.weebly.com/.../54074601/xia_shang_zhou_dynasties.pdf · Zhou Dynasty Government: •Zhou said Shang overthrown

Zhou GrowingUpAmerican

ZHou Proof

Zhou Xianling

Photos by Sun Yuchen Park Culture Week in Futian · 2017-12-07 · Photos by Sun Yuchen Citizens dance at Huanggang Park in the morning. Teams from Hong Kong, Macao and other Guangdong

Ye yuchen 633991 finaljournal

Indigenous People of Mexico Natchaya Zhou& Allison Zhou

Yuchen Portfolio 2012

Hardware Software Co-design for Automotive CPS using ... · Hardware Software Co-design for Automotive CPS using Architecture Analysis and Design Language Yuchen Zhou 1John Baras

The Smart Grid Bob Moreo And Yuchen Mao

Hacker’s Strategies Revealed WEST CHESTER UNIVERSITY Computer Science Department Yuchen Zhou March 22, 2002

Yuchen Francisco Anika Design and Cooling Team Members: Nareg

ATTRIBUTE YUCHEN LI A dissertation submitted to the In

Tianjun ZHOU

Nematoda By Liviu, Ross, and Yuchen Ross

Sun Yuchen Bronze beauty from Baojiszdaily.sznews.com/attachment/pdf/201711/03/293a32... · this autumn “Initiative Taken by Zhou,” 182 sets of the fi nest ancient bronzeware

Adelyn zhou

Yuchen Zhou and David Evans Presented by Simon du Preez Compsci 726 SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities

Zhou Paper

Steven Zhou

The Zhou and Qin DynastiesThe Zhou and Qin Dynasties … · The Zhou and Qin DynastiesThe Zhou and Qin Dynasties 1045 t 206BC1045 to 206BC. ... Western Zhou Dyyynasty ...

Working conditions in hong kong & germany Yuchen Xin 07051468 Man Yee Wang 07010257

Zhou dynasty

Xia, Shang, & Zhou Dynasties Xia, Shang, & Zhou Dynasties

Yuchen Zhou, Thomas E Fuhrman, Prathap …...Yuchen Zhou, Thomas E Fuhrman, Prathap Venugopal General Motors AUTOSAR Nov-2017 2 Introduction Adaptive Platform & Scheduling Techniques

Intel Redefines GPU: Larrabee Tianhao Tong Liang Wang Runjie Zhang Yuchen Zhou

Explicating SDKs: Uncovering Assumptions Underlying Secure Authentication and Authorization Rui Wang 1 *, Yuchen Zhou 2 * †, (*Lead authors, † Speaker)

Adsorption Zhou

Zhou Dissertation

Yuchen ye final journal