Accountable Javascript Code Delivery

by   Ilkan Esiyok, et al.

The Internet is a major distribution platform for applications, but there are no effective transparency and audit mechanisms. Due to the ephemeral nature of web applications, a client visiting a website has no guarantee that the code it receives today is the same as yesterday, or the same as others receive. Despite advances in web security, it is thus challenging to audit web applications before they are rendered in the browser. We propose Accountable JS, a browser extension and opt-in protocol for accountable delivery of active content on a web page. We prototype our protocol, formally model its security properties with the Tamarin Prover, and evaluate its compatibility and performance impact with case studies including WhatsApp Web, AdSense and Nimiq.


page 1

page 2

page 3

page 4


InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

In today's web ecosystem, a website that uses a Content Delivery Network...

Web View: A Measurement Platform for Depicting Web Browsing Performance and Delivery

Web browsing is the main Internet Service and every customer wants the m...

Improving Tourist Experience Through an IoT Application Based on FatBeacons

This paper describes the use of a new extension of the Bluetooth connect...

Pythia: a Framework for the Automated Analysis of Web Hosting Environments

A common approach when setting up a website is to utilize third party We...

Merly.jl: Web Framework in Julia

Merly.jl is a package for creating web applications in Julia. It present...

WAIT: Protecting the Integrity of Web Applications with Binary-Equivalent Transparency

Modern single page web applications require client-side executions of ap...

WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms

The complexity of browsers has steadily increased over the years, driven...