Yuefeng Du, Huayi Duan, Lei Xu, Helei Cui, Cong Wang, Qian Wang
{"title":"${{\\sf PEBA}}$: Enhancing User Privacy and Coverage of Safe Browsing Services","authors":"Yuefeng Du, Huayi Duan, Lei Xu, Helei Cui, Cong Wang, Qian Wang","doi":"10.1109/TDSC.2022.3204767","DOIUrl":null,"url":null,"abstract":"To keep web users away from unsafe websites, modern web browsers enable the embedded feature of safe browsing (SB) by default. In this work, through theoretical analysis and empirical evidence, we reveal two major shortcomings in the current SB infrastructure. First, we derive a feasible tracking technique for industry best practice. We show that the current mitigation techniques cannot eliminate the threat of de-anonymization permanently. Second, we gauge the effectiveness of blacklists provided by major vendors. Our discovery indicates the urge for blacklist integration in order to boost service quality. In light of this, we propose a new three-party paradigm <inline-formula><tex-math notation=\"LaTeX\">${{\\sf PEBA}}$</tex-math><alternatives><mml:math><mml:mi mathvariant=\"sans-serif\">PEBA</mml:mi></mml:math><inline-graphic xlink:href=\"wang-ieq2-3204767.gif\"/></alternatives></inline-formula> with an intermediate third party decoupling the direct interaction of users and proprietary blacklist vendors. To satisfy practical usage requirements, we instantiate our design with trusted hardware, detailing how it can be leveraged to fulfill the requirements of privacy enhancement and broader content coverage at the same time. We also tackle numerous implementation challenges that emerged from this proxy-based and hardware-enabled solution. Extensive evaluation confirms that <inline-formula><tex-math notation=\"LaTeX\">${{\\sf PEBA}}$</tex-math><alternatives><mml:math><mml:mi mathvariant=\"sans-serif\">PEBA</mml:mi></mml:math><inline-graphic xlink:href=\"wang-ieq3-3204767.gif\"/></alternatives></inline-formula> can balance well among desirable goals of security, usability, performance, and elasticity, making it suitable for deployment in practice.","PeriodicalId":13047,"journal":{"name":"IEEE Transactions on Dependable and Secure Computing","volume":"20 1","pages":"4343-4358"},"PeriodicalIF":7.0000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Dependable and Secure Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1109/TDSC.2022.3204767","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}
引用次数: 0
Abstract
To keep web users away from unsafe websites, modern web browsers enable the embedded feature of safe browsing (SB) by default. In this work, through theoretical analysis and empirical evidence, we reveal two major shortcomings in the current SB infrastructure. First, we derive a feasible tracking technique for industry best practice. We show that the current mitigation techniques cannot eliminate the threat of de-anonymization permanently. Second, we gauge the effectiveness of blacklists provided by major vendors. Our discovery indicates the urge for blacklist integration in order to boost service quality. In light of this, we propose a new three-party paradigm ${{\sf PEBA}}$PEBA with an intermediate third party decoupling the direct interaction of users and proprietary blacklist vendors. To satisfy practical usage requirements, we instantiate our design with trusted hardware, detailing how it can be leveraged to fulfill the requirements of privacy enhancement and broader content coverage at the same time. We also tackle numerous implementation challenges that emerged from this proxy-based and hardware-enabled solution. Extensive evaluation confirms that ${{\sf PEBA}}$PEBA can balance well among desirable goals of security, usability, performance, and elasticity, making it suitable for deployment in practice.
期刊介绍:
The "IEEE Transactions on Dependable and Secure Computing (TDSC)" is a prestigious journal that publishes high-quality, peer-reviewed research in the field of computer science, specifically targeting the development of dependable and secure computing systems and networks. This journal is dedicated to exploring the fundamental principles, methodologies, and mechanisms that enable the design, modeling, and evaluation of systems that meet the required levels of reliability, security, and performance.
The scope of TDSC includes research on measurement, modeling, and simulation techniques that contribute to the understanding and improvement of system performance under various constraints. It also covers the foundations necessary for the joint evaluation, verification, and design of systems that balance performance, security, and dependability.
By publishing archival research results, TDSC aims to provide a valuable resource for researchers, engineers, and practitioners working in the areas of cybersecurity, fault tolerance, and system reliability. The journal's focus on cutting-edge research ensures that it remains at the forefront of advancements in the field, promoting the development of technologies that are critical for the functioning of modern, complex systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
