Empowering Browser Security for Mobile Devices Using Smart CDNs
Ben Livshits and David Molnar, Microsoft Research

Presentation transcript:

Slide 1: Empowering Browser Security for Mobile Devices Using Smart CDNs
Ben Livshits and David Molnar, Microsoft Research

Slide 2: Mobile Web Growth

Slide 3: US Mobile Web Growth

Slide 4: Opera Mobile Study

Slide 5: Research in Desktop Browser Security
- Nozzle [UsenixSec’09]
- NativeClient/XAX [Oakland’09/OSDI’08]
- XSS filters / worm filters
- StackGuard/HeapGuard [UsenixSec’01/]
- ConScript [Oakland’10]

Slide 6: Mobile: Difficulties of Adoption

Slide 7: CDNs are Growing

Slide 8: Consequence: Fat Middle Tier
- Rise of “smart CDN” (sCDN)
- What does this mean for security?

Slide 9: Two Research Directions
- What if the middle tier is not trustworthy?
- What new security services can we provide?

Slide 10: Two Research Directions
- What if the middle tier is not trustworthy?
- What new security services can we provide?
- Let’s do the easiest one first…

Slide 11: Example Service: Nozzle in Mobile
- Nozzle is a heap spraying prevention system that protects desktop browsers [UsenixSec’09]
- How to deploy Nozzle on mobile browsers?
- Software updates on all handsets..?
- Same problem for any browser based mitigation – StackGuard, RandomHeap, your paper at W2SP20XX…

Slide 12: Example Service: Nozzle in Mobile
- Run Nozzle in sCDN!
- Catch heap sprays, pre-render benign pages, ship renders to mobile.

Slide 13: More sCDN Security Services
- Real Time phish tracking – “Why is everyone suddenly going to whuffo.com?”
- URL reputation – “15 other people were owned by this URL”
- XSS filters
- Fuzz testing seeded with real traces

Slide 14: Untrustworthy Infrastructure?
- Multiple vendors – Linksys, Cisco, Akamai, Limelight, …
- Multiple operators – Comcast, Sprint, AT&T, T-Mobile, Joe Sixpack, …
- Multiple web applications
- How do these parties work together?
- What about privacy?

Slide 15: Two Research Directions
- What if the middle tier is not trustworthy?
- What new security services can we provide?