Accountable Javascript Code Delivery

02/20/2022
by   Ilkan Esiyok, et al.
0

The Internet is a major distribution platform for applications, but there are no effective transparency and audit mechanisms. Due to the ephemeral nature of web applications, a client visiting a website has no guarantee that the code it receives today is the same as yesterday, or the same as others receive. Despite advances in web security, it is thus challenging to audit web applications before they are rendered in the browser. We propose Accountable JS, a browser extension and opt-in protocol for accountable delivery of active content on a web page. We prototype our protocol, formally model its security properties with the Tamarin Prover, and evaluate its compatibility and performance impact with case studies including WhatsApp Web, AdSense and Nimiq.

READ FULL TEXT

page 1

page 2

page 3

page 4

09/04/2022

InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

In today's web ecosystem, a website that uses a Content Delivery Network...
07/10/2020

Web View: A Measurement Platform for Depicting Web Browsing Performance and Delivery

Web browsing is the main Internet Service and every customer wants the m...
08/11/2022

Improving Tourist Experience Through an IoT Application Based on FatBeacons

This paper describes the use of a new extension of the Bluetooth connect...
03/16/2019

Pythia: a Framework for the Automated Analysis of Web Hosting Environments

A common approach when setting up a website is to utilize third party We...
02/20/2021

Merly.jl: Web Framework in Julia

Merly.jl is a package for creating web applications in Julia. It present...
04/13/2021

WAIT: Protecting the Integrity of Web Applications with Binary-Equivalent Transparency

Modern single page web applications require client-side executions of ap...
01/05/2022

WebSpec: Towards Machine-Checked Analysis of Browser Security Mechanisms

The complexity of browsers has steadily increased over the years, driven...