1 / 14

Empowering Browser Security for Mobile Devices Using Smart CDNs

Empowering Browser Security for Mobile Devices Using Smart CDNs. Ben Livshits and David Molnar Microsoft Research. Mobile Web Growth. Opera Mobile Study. http://www.opera.com/media/smw/2009/pdf/smw032009.pdf. Research in Desktop Browser Security. Mobile: Difficulties of Adoption.

ike
Download Presentation

Empowering Browser Security for Mobile Devices Using Smart CDNs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Empowering Browser Security for Mobile Devices Using Smart CDNs Ben Livshits and David Molnar Microsoft Research

  2. Mobile Web Growth

  3. Opera Mobile Study http://www.opera.com/media/smw/2009/pdf/smw032009.pdf

  4. Research in Desktop Browser Security

  5. Mobile: Difficulties of Adoption http://developer.android.com/resources/dashboard/platform-versions.html

  6. CDNs are Growing

  7. Consequence: Fat Middle Tier Rise of “smart CDN” (sCDN) What does this mean for security?

  8. Two Research Directions • What if the middle tier is not trustworthy? • What new security services can we provide?

  9. Two Research Directions • What if the middle tier is not trustworthy? • What new security services can we provide? Let’s do the easiest one first…

  10. Example Service: Nozzle in Mobile • Nozzle is a heap spraying prevention system that protects desktop browsers [UsenixSec’09] • How to deploy Nozzle on mobile browsers? • Software updates on all handsets..? • Same problem for any browser based mitigation – StackGuard, RandomHeap, your paper at W2SP20XX…

  11. Example Service: Nozzle in Mobile Run Nozzle in sCDN! Catch heap sprays, pre-render benign pages, ship renders to mobile.

  12. More sCDN Security Services • Real Time phish tracking • “Why is everyone suddenly going to whuffo.com?” • URL reputation • “15 other people were owned by this URL” • XSS filters • Fuzz testing seeded with real traces

  13. Untrustworthy Infrastructure? • Multiple vendors • Linksys, Cisco, Akamai, Limelight, … • Multiple operators • Comcast, Sprint, AT&T, T-Mobile, Joe Sixpack, … • Multiple web applications • How do these parties work together? • What about privacy?

  14. Two Research Directions • What if the middle tier is not trustworthy? • What new security services can we provide?

More Related