[Colloquium] Byers/MS Presentation/May 31, 2016

Margaret Jaffey margaret at cs.uchicago.edu
Tue May 17 15:36:39 CDT 2016


This is an announcement about Austin Byers’ MS Presentation.

—————

Department of Computer Science
The University of Chicago

Date:  Tuesday, March 31, 2016

Time:  3:00 pm

Place:  Ryerson 358

Bx/MS Candidate:  Austin Byers

MS Paper Title:  Toward Web Transparency: Classifying JavaScript Changes in the Wild

Abstract:
The increasing use of Web services for security- and privacy-sensitive activities has led to proposals for system architectures that reduce the degree to which users must trust the service providers. Despite their security measures, providers remain vulnerable to compromise and coercion. In particular, users are forced to completely trust providers for the distribution of client software. If the software running on a user’s device is compromised, then other security guarantees are typically moot.

To mitigate this threat, this ongoing project aims to bring transparency to client JavaScript. We ultimately envision a world in which users’ browsers verify scripts against a global, tamper-evident log before executing the code. Bringing transparency to JavaScript is challenging because, unlike binary code or web certificates, JavaScript code changes very frequently (even on every page reload) and is often highly personalized for each user and session.

We are developing a digest algorithm for client JavaScript that is resilient to these mutable features. We have implemented a prototype script classifier that analyzes scripts’ abstract syntax trees to compute a set of digests which allow script changes to be classified into broad categories. We recompile a popular open source browser to log all JavaScript before its execution, and use this data to evaluate the classifier on the Alexa Top 500 sites, including code that a user would see only after logging in, if necessary. We show that the classifier is able to filter through enormous and constantly-evolving scripts to identify code regions which have changed in a meaningful and significant way.

Using the data collection framework and the classifier, we have implemented a tool which visualizes meaningful JavaScript changes across two different versions of a website. By itself, this tool may be useful for debugging complex front-end development pipelines. Additionally, in conjunction with a transparency log, the visualizer will help security researchers make sense of real-world JavaScript evolution.

Together, these components lay the foundation for the first steps toward web transparency.

Austin’s MS advisor:  Prof. Ariel Feldman

A draft copy of Austin’s MS paper is attached (preliminary version).

—————



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Margaret Jaffey
Department of Computer Science
Student Affairs Administrator
margaret at cs.uchicago.edu
Eckhart 124
773-702-6011
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



-------------- next part --------------
A non-text attachment was scrubbed...
Name: MS.pdf
Type: application/pdf
Size: 302481 bytes
Desc: not available
Url : http://mailman.cs.uchicago.edu/pipermail/colloquium/attachments/20160517/2d11aac7/attachment-0001.pdf 