Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gaurav Aggarwal and Elie Bursztein, Collin Jackson, Dan Boneh, USENIX (Aug.,2010) A N A NALYSIS OF P RIVATE B ROWSING M ODES IN M ODERN B ROWSERS 1.

Published byTimothy Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "Gaurav Aggarwal and Elie Bursztein, Collin Jackson, Dan Boneh, USENIX (Aug.,2010) A N A NALYSIS OF P RIVATE B ROWSING M ODES IN M ODERN B ROWSERS 1."— Presentation transcript:

1 Gaurav Aggarwal and Elie Bursztein, Collin Jackson, Dan Boneh, USENIX (Aug.,2010) A N A NALYSIS OF P RIVATE B ROWSING M ODES IN M ODERN B ROWSERS 1

2 O UTLINE  Introduction  Private browsing: goal and threat model  A survey of private browsing in modern browsers  Usage measurement  Weaknesses in current implementations  Browser addons  Conclusions 2

3 O UTLINE  Introduction  Private browsing: goal and threat model  A survey of private browsing in modern browsers  Usage measurement  Weaknesses in current implementations  Browser addons  Conclusions 3

4 I NTRODUCTION  The four major browsers (IE, Firefox, Chrome and Safari) recently added private browsing modes to their user interfaces - Sites visited while browsing in private mode should leave no trace on the user’s computer - Users may want to hide their identity from web sites they visit by 4

5 I NTRODUCTION  While all major browsers support private browsing, there is a great deal of inconsistency in the type of privacy provided by the different browsers  Even within a single browser there are inconsistencies 5

6 I NTRODUCTION  Even if a browser adequately implements private browsing, an extension or plug-ins can completely undermine its privacy guarantees 6

7 O UTLINE  Introduction  Private browsing: goal and threat model  A survey of private browsing in modern browsers  Usage measurement  Weaknesses in current implementations  Browser addons  Conclusions 7

8 P RIVATE BROWSING : GOAL AND THREAT MODEL  Defined two types of attackers: 1. An attacker who controls the user’s machine (a local attacker) 2. An attacker who controls web sites that the user visits (a web attacker) 8

9 L OCAL A TTACKER  Security against a local attacker means that an attacker who takes control of the machine after the user exits private browsing can learn nothing about the user’s actions while in private browsing  Limitation: local attacker has no access to the user’s machine before the user exits private browsing 9

10 L OCAL A TTACKER  We need adequately erase persistent state changes during a private browsing session 1. Changes initiated by a web site without any user interaction 2. Changes initiated by a web site, but requiring user interaction 3. Changes initiated by the user. 4. Non-user-specific state changes 10

11 L OCAL A TTACKER :S ECURITY M ODEL  Attacker’s capabilities 1. The attacker does nothing until the user leaves private browsing mode 2. While active, the attacker cannot communicate with network elements that contain information about the user’s activities while in private mode 11

12 L OCAL A TTACKER :S ECURITY M ODEL  Attacker’s goal - For a set S of HTTP requests of the attacker’s choosing, determine if the browser issued any of those requests while in private browsing mode 12

13 L OCAL A TTACKER :S ECURITY M ODEL  Challenge - The browser will need to ensure that all DNS queries while in private mode do not affect the system’s DNS cache: no entries should be added or removed - Operating system can swap memory pages to the swap partition on disk which can leave traces of the user’s activity. 13

14 L OCAL A TTACKER :S ECURITY M ODEL  Solution? - VMM(Virtual Machine Monitor) - User profile backup - Not recording certain date in private mode 14

15 W EB A TTACKER  Goal 1. A web site cannot link a user visiting in private mode to the same user visiting in public mode 2. A web site cannot link a user in one private session to the same user in another private session 3. A web site should not be able to determine whether the browser is currently in private browsing mode 15

16 O UTLINE  Introduction  Private browsing: goal and threat model  A survey of private browsing in modern browsers  Usage measurement  Weaknesses in current implementations  Browser addons  Conclusions 16

17 SURVEY OF PRIVATE BROWSING IN MODERN BROWSERS  User Interface 17

18 SURVEY OF PRIVATE BROWSING IN MODERN BROWSERS  User Interface 18

19 SURVEY OF PRIVATE BROWSING IN MODERN BROWSERS  Internal behavior 19

20 SURVEY OF PRIVATE BROWSING IN MODERN BROWSERS  Internal behavior 20

21 SURVEY OF PRIVATE BROWSING IN MODERN BROWSERS  Internal behavior 21

22 SURVEY OF PRIVATE BROWSING IN MODERN BROWSERS  Initial privacy violation examples 1. Custom Handler Protocol - Custom protocol handlers(CPH) 2. Client Certificate - SSL client certification 22

23 O UTLINE  Introduction  Private browsing: goal and threat model  A survey of private browsing in modern browsers  Usage measurement  Weaknesses in current implementations  Browser addons  Conclusions 23

24 U SAGE MEASUREMENT :D ESIGN  Ad network - Ran two simultaneous one-day campaigns: targeted adult sites, gift shopping sites and news sites Ad network 24

25 U SAGE MEASUREMENT :R ESULT 25  Private browsing was more popular at adult web sites than at gift shopping sites and news sites  Private browsing was more commonly used in browsers that displayed subtle private browsing indicators

26 O UTLINE  Introduction  Private browsing: goal and threat model  A survey of private browsing in modern browsers  Usage measurement  Weaknesses in current implementations  Browser addons  Conclusions 26

27 W EAKNESSES IN CURRENT IMPLEMENTATIONS  Manual code review - Firefox keeps all the state related to the user’s browsing activity including preferences, history, cookies, text entered in forms fields, search queries, etc. in a Profile folder on disk 27

28 W EAKNESSES IN CURRENT IMPLEMENTATIONS  Manual code review 1. nsIFile - A cross-platform representation of a location in the file system used to read or write to filesnsIFile 2. Storage - A SQLite database API that can be used by other Firefox components and extensions to manipulate SQLite database filesStorage 28

29 W EAKNESSES IN CURRENT IMPLEMENTATIONS  Security certificate settings(stored in file cert8.db) - Stores all security certificate settings and any SSL 29

30 W EAKNESSES IN CURRENT IMPLEMENTATIONS  Site-specific preferences (stored in file permissions.sqlite) - Stores many of Firefox permissions that are decided on a per-site basis. 30

31 W EAKNESSES IN CURRENT IMPLEMENTATIONS  Download actions (stored in file mimeTypes.rdf) - Stores the user’s preferences with respect to what Firefox does when it comes across known file types like pdf or avi. 31

32 W EAKNESSES IN CURRENT IMPLEMENTATIONS  An automated private browsing test using unit tests - All major browsers have a collection of unit tests for testing browser features before a release - MozMill, a Fire fox user-interface test automation tool 32

33 W EAKNESSES IN CURRENT IMPLEMENTATIONS  Use fs usage to output the name of the system call used to access the filesystem and the file descriptor being acted upon  Also use the “last modified time” for files in the profile directory to identity those files that are changed during the test. 33

34 W EAKNESSES IN CURRENT IMPLEMENTATIONS  Search Plugins (stored in search.sqlite and search.json) 34

35 O UTLINE  Introduction  Private browsing: goal and threat model  A survey of private browsing in modern browsers  Usage measurement  Weaknesses in current implementations  Browser addons  Conclusions 35

36 B ROWSER ADDONS  Browser addons (extensions and plug-ins) pose a privacy risk to private browsing because they can persist state to disk about a user’s behavior in private mode 36

37 B ROWSER ADDONS  Internet Explorer - Default set extensions disabled, but plugins are still functional.  Firefox - Both are enable in private mode  Google Chrome - Disables most extension functionality in private mode, but plugins are enabled  Safari - Does not have a supported extension API 37

38 B ROWSER ADDONS  URL whitelist/blocklist/queues  URL Mappings  Timestamp 38

39 B ROWSER ADDONS  Manual check - Extensions that opt-in to running in private browsing mode  Disallow writes - Prevent extensions from changing any local state while in private browsing mode  Override option - Discard changes made by extensions to local state while in private browsing mode, unless the extension explicitly indicates that the write should persist beyond private browsing mode 39

40 B ROWSER ADDONS  ExtensionBlocker in JavaScript - Disable all extensions that are not safe for private mode. 40

41 O UTLINE  Introduction  Private browsing: goal and threat model  A survey of private browsing in modern browsers  Usage measurement  Weaknesses in current implementations  Browser addons  Conclusions 41

42 C ONCLUSION  Manual review and automated testing tool pointed out several weaknesses in existing implementations  Performed the first measurement study of private browsing usage in different browsers and on different sites  Keeping browser extensions and plug-ins from undoing the goals of private browsing 42

Download ppt "Gaurav Aggarwal and Elie Bursztein, Collin Jackson, Dan Boneh, USENIX (Aug.,2010) A N A NALYSIS OF P RIVATE B ROWSING M ODES IN M ODERN B ROWSERS 1."

Similar presentations

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.

Browser Comparisons Internet Explorer 8 & 9, Chrome 11 and Firefox 4 Security, Privacy, Add-ons & Convenience.
On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.

On the Privacy of Private Browsing Kiavash Satvat, Matt Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM’13.
Web browsers It’s a software application for retrieving and presenting information on WWW. An information resource is identified by a Uniform Resource.

Web browsers It’s a software application for retrieving and presenting information on WWW. An information resource is identified by a Uniform Resource.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
September 2009 DOG Demonstration RON JEFFERIES Chrome & Firefox Web Browsers INTRODUCTION.

September 2009 DOG Demonstration RON JEFFERIES Chrome & Firefox Web Browsers INTRODUCTION.
Lesson 4: Web Browsing.

Lesson 4: Web Browsing.
Internet Artifacts Dr. John Abraham Professor UTPA.

Internet Artifacts Dr. John Abraham Professor UTPA.
Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.

Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.
Chapter 9: Configuring Internet Explorer. Internet Explorer Usability Features Reorganized user interface Instant Search box RSS support Tabbed browsing.

Chapter 9: Configuring Internet Explorer. Internet Explorer Usability Features Reorganized user interface Instant Search box RSS support Tabbed browsing.
James Tam Web Browsers In this section of notes you will learn about the web browsing process, some of the important features of popular browsers and a.

James Tam Web Browsers In this section of notes you will learn about the web browsing process, some of the important features of popular browsers and a.
Firefox 2 Feature Proposal: Remote User Profiles TeamOne August 3, 2007 TeamOne August 3, 2007.

Firefox 2 Feature Proposal: Remote User Profiles TeamOne August 3, 2007 TeamOne August 3, 2007.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
The Internet 8th Edition Tutorial 1 Browser Basics.

The Internet 8th Edition Tutorial 1 Browser Basics.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 15: Internet Explorer and Remote Connectivity Tools.
Operating System & Application Files BACS 371 Computer Forensics.

Operating System & Application Files BACS 371 Computer Forensics.
OS and Application Files BACS 371 Computer Forensics.

OS and Application Files BACS 371 Computer Forensics.

Similar presentations

Ads by Google