Offense Presentation for AdJail Stephen Duraski and Allen Zeng
Motivation for Implementation?
• A class of rogue ads, those that rely on social engineering, depends on the content of the ad rather than on what its code does.
• Content such as a fake anti-virus scanner is not actually prevented by this system, which places no controls on what the ad displays.
• The New York Times example (the 2009 fake anti-virus ad shown on nytimes.com) is of this kind.
Difficulty for each publisher to implement
• This system requires a significant rewrite of the ad portion of a publisher's page.
• Is the time spent on the implementation worth it, given that any mistake would threaten the publisher's ability to make money from the site?
Rendering a shadow page for each ad?
• Every ad needs a separate shadow page with its own URI, which increases the complexity of building and maintaining a site.
• Sites often use multiple ad networks simultaneously; because the isolation rests on the Same-Origin Policy, AdJail could require a publisher to manage a large number of extra domains (distinct origins) to use it properly.
Overhead Time
• The paper states that rendering time is increased by 1.69%.
• This is NOT an insignificant amount of time.
• ~400 ms to ~700 ms for Google Ads.
• Advertisers will not appreciate their ads rendering slowly, and may react negatively.
• Amazon loses 1% of sales for every 100 ms of delay: http://www.exp-platform.com/Documents/IEEEComputer2007OnlineExperiments.pdf
• Google: "Experiments demonstrate that increasing web search latency 100 to 400 ms reduces the daily number of searches per user by 0.2% to 0.6%." http://services.google.com/fh/files/blogs/google_delayexp.pdf
• Google revenue dropped 20% in an experiment that slowed the page down by 0.5 seconds: http://glinden.blogspot.com/2006/11/marissa-mayer-at-web-20.html
Usability and Scalability Issues
• AdJail currently uses regular expressions for textual transformation, tailored to each ad network.
• This cannot possibly be done for the hundreds of existing ad networks.
• It will ultimately work for some networks but fail for most.
Real Page - Shadow Page Communication
• "To facilitate voluntary communication between the two pages, we leverage the window.postMessage() browser API. postMessage() is an inter-origin frame communication mechanism that enables two collaborating frames to share data in a controlled way, even when SOP is in effect"
• What prevents the ad from using the same API call to send its own data?
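What a receiver on the real page can and cannot check, as an added example in JavaScript that is not code from the AdJail paper or from this presentation: a handler for window.postMessage() traffic that drops anything not sent from the shadow page's origin and then accepts only a small allowlisted set of messages. The origin SHADOW_ORIGIN, the slot ids, the message shape {type, slot, ...}, the size limits and the sample messages are all this example's own assumptions, constructed for illustration.

```javascript
// Added example (not AdJail's code): a real-page receiver for postMessage() traffic
// from a shadow page. Assumed names: SHADOW_ORIGIN, ALLOWED_SLOTS, the message shape
// {type, slot, height|text}. Nothing here comes from the paper's implementation.

const SHADOW_ORIGIN = "https://shadow.example.com"; // assumed origin of the shadow page
const ALLOWED_SLOTS = new Set(["ad-slot-1", "ad-slot-2"]); // assumed ad slot ids on the real page
const MAX_TEXT = 256; // assumed cap on text the shadow page may push into a slot
const MAX_HEIGHT = 1200; // assumed cap on a requested slot height, in px

// Pure validation, kept separate from the DOM so it can run outside a browser.
// Takes an object shaped like a MessageEvent ({origin, data}) and returns a
// sanitized action, or null if the message must be dropped.
function validateShadowMessage(event, expectedOrigin = SHADOW_ORIGIN) {
  // 1. Origin check: anything not from the shadow page's origin is ignored.
  //    Note this does not distinguish the shadow page's own script from an ad
  //    script running inside that same origin; both pass this test.
  if (event.origin !== expectedOrigin) return null;

  // 2. Shape check: postMessage delivers any structured-clonable value, so
  //    insist on a plain object before reading fields.
  const data = event.data;
  if (typeof data !== "object" || data === null || Array.isArray(data)) return null;
  const { type, slot } = data;

  // 3. Allowlist of targets and operations: the real page never executes code
  //    or injects HTML on the shadow page's behalf; it only resizes a slot or
  //    sets plain text in it.
  if (!ALLOWED_SLOTS.has(slot)) return null;
  if (type === "resize") {
    const h = Number(data.height);
    if (!Number.isInteger(h) || h < 0 || h > MAX_HEIGHT) return null;
    return { type, slot, height: h };
  }
  if (type === "text") {
    if (typeof data.text !== "string" || data.text.length > MAX_TEXT) return null;
    return { type, slot, text: data.text };
  }
  return null; // any other operation, including "html" or "eval", is dropped
}

// Apply a validated action using only non-interpreting DOM APIs.
function applyAction(doc, action) {
  const el = doc.getElementById(action.slot);
  if (!el) return false;
  if (action.type === "resize") el.style.height = action.height + "px";
  else el.textContent = action.text; // textContent, never innerHTML
  return true;
}

// Constructed sample traffic (not captured from any real ad network): one
// legitimate resize, one from a foreign origin, one rogue HTML injection attempt
// sent from the shadow origin, and one oversized resize.
const SAMPLE_MESSAGES = [
  { origin: SHADOW_ORIGIN, data: { type: "resize", slot: "ad-slot-1", height: 250 } },
  { origin: "https://attacker.example.net", data: { type: "resize", slot: "ad-slot-1", height: 250 } },
  { origin: SHADOW_ORIGIN, data: { type: "html", slot: "ad-slot-1", html: "<img src=x onerror=alert(1)>" } },
  { origin: SHADOW_ORIGIN, data: { type: "resize", slot: "ad-slot-1", height: 99999 } },
];

// Returns, for each sample, whether the receiver would accept it.
function runSamples() {
  return SAMPLE_MESSAGES.map((m) => validateShadowMessage(m) !== null);
}

// Browser wiring: only installed when a window exists.
if (typeof window !== "undefined") {
  window.addEventListener("message", (e) => {
    const action = validateShadowMessage(e);
    if (action) applyAction(document, action);
  });
}
```

The origin check answers only half of the slide's question: an ad script running inside the shadow page sends from the same origin as the shadow page's own code, so its messages pass that check. What limits a rogue ad's reach into the real page is the second half, a receiver that accepts only a narrow set of operations and applies them through textContent and style changes rather than innerHTML or eval.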
What happens with bad ads?
• The ad contains disallowed JavaScript.
• It gets rendered on the shadow page: is anything communicated to the ad network or the user that content was blocked?
• Does the ad network still get charged?
• Unclear in the paper.
Evaluation Issues
• What test pages were used? No examples are given.
• The parameters of the tests were modified for each ad network so that it would work.