Enhancing Browser Security for Mobile Devices Using Smart CDNs
Explore the realm of improving browser security for mobile devices through the utilization of Smart Content Delivery Networks (CDNs). Delve into research directions, challenges in adoption, and innovative security services to safeguard against potential threats. Discover how the rise of Smart CDNs impacts the security landscape and the implications for the middle tier in mobile security architecture.
Empowering Browser Security for Mobile Devices Using Smart CDNs. Ben Livshits and David Molnar, Microsoft Research.
Opera Mobile Study: http://www.opera.com/media/smw/2009/pdf/smw032009.pdf
Research in Desktop Browser Security: ConScript [Oakland 10]; Nozzle [UsenixSec 09]; StackGuard/HeapGuard [UsenixSec 01/]; NativeClient/XAX [Oakland 09/OSDI 08]; XSS filters/worm filters.
Mobile: Difficulties of Adoption. http://developer.android.com/resources/dashboard/platform-versions.html
Consequence: Fat Middle Tier. Rise of smart CDN (sCDN). What does this mean for security?
Two Research Directions: What if the middle tier is not trustworthy? What new security services can we provide? Let's do the easiest one first.
Example Service: Nozzle in Mobile. Nozzle is a heap spraying prevention system that protects desktop browsers [UsenixSec 09]. How to deploy Nozzle on mobile browsers? Software updates on all handsets..? Same problem for any browser-based mitigation: StackGuard, RandomHeap, your paper at W2SP20XX.
Example Service: Nozzle in Mobile. Run Nozzle in sCDN! Catch heap sprays, pre-render benign pages, ship renders to mobile.
More sCDN Security Services: real-time phish tracking (why is everyone suddenly going to whuffo.com?); URL reputation (15 other people were owned by this URL); XSS filters; fuzz testing seeded with real traces.
Untrustworthy Infrastructure? Multiple vendors: Linksys, Cisco, Akamai, Limelight, ... Multiple operators: Comcast, Sprint, AT&T, T-Mobile, Joe Sixpack, ... Multiple web applications. How do these parties work together? What about privacy?
Two Research Directions: What if the middle tier is not trustworthy? What new security services can we provide?