Annual Computer Security Applications Conference 2011 Technical Track Papers


AdSentry: Comprehensive and Flexible Confinement of JavaScript-based Advertisements

Internet advertising is one of the most popular online business models. JavaScript-based advertisements (ads) are often directly embedded in a web publisher's page to display ads relevant to users (e.g., by checking the user's browser environment and page content). However, as third-party code, the ads pose a significant threat to user privacy. Worse, malicious ads can exploit browser vulnerabilities to compromise users' machines and install malware. To protect users from these threats, we propose AdSentry, a comprehensive confinement solution for JavaScript-based advertisements. The crux of our approach is to use a shadow JavaScript engine to sandbox untrusted ads. In addition, AdSentry enables flexible regulation of ad script behaviors by completely mediating their access to the web page (including its DOM) without limiting the JavaScript functionality exposed to the ads. Our solution allows both web publishers and end users to specify access control policies to confine ads' behaviors. We have implemented a proof-of-concept prototype of AdSentry that transparently supports the Mozilla Firefox browser. Our experiments with a number of ads-related attacks successfully demonstrate its practicality and effectiveness. The performance measurement indicates that our system incurs a small performance overhead.

Author(s):

Xinshu Dong    
Department of Computer Science, National University of Singapore
Singapore

Minh Tran    
Department of Computer Science, North Carolina State University
United States

Zhenkai Liang    
Department of Computer Science, National University of Singapore
Singapore

Xuxian Jiang    
Department of Computer Science, North Carolina State University
United States
