Malicious and exploitable web advertisements (ads) are widely recognized as a major emerging source of online attacks and privacy violations. Rogue ads can often escape existing weak defenses employed by ad networks and websites, inflicting much harm on end-users. This ad security crisis is exacerbated by several factors: complex mechanisms by which web ads are produced, distributed and deployed; weak filtering strategies of ad networks; web sites' inability to control content supplied by ad networks; and poor browser-level primitives for ad isolation and confinement.
This project tackles the ad crisis by developing a comprehensive framework that integrates and extends recent research on browser-level script sandboxing, bytecode in-lined reference monitoring, information flow analysis, and binary code certification. A key priority is to transparently preserve important web ad technologies, such as ad-billing, Flash-JavaScript interoperability, cross-site scripting, and ad network contextual targeting. The complementary strengths of the two PIs forms a natural synergy that lends itself to an elegant and easily adoptable framework for protecting users from the severe online security and privacy risks currently posed by malicious ads.
With the web advertisement industry estimated to be at a USD $50 billion mark in 2010, the techniques developed by this project are contributing to the vitality of this industry. To maximize impact, the PIs are transitioning results from this research to the industrial sector engaged in the development of ads as well as their dissemination.
