Stickler: Defending Against Malicious CDNs in an Unmodified Browser release_6t4fbirpxff7hnkgv5izqwwpxe

by Amit Levy, Henry Corrigan-Gibbs, Dan Boneh

Released as a article .

2015  

Abstract

Website publishers can derive enormous performance benefits and cost savings by directing traffic to their sites through content distribution networks (CDNs). However, publishers who use CDNs today must trust their CDN not to modify the site's JavaScript, CSS, images or other media en route to end users. A CDN that violates this trust could inject ads into websites, downsample media to save bandwidth or, worse, inject malicious JavaScript code to steal user secrets it could not otherwise access. We present Stickler, a system for website publishers that guarantees the end-to-end authenticity of content served to end users while simultaneously allowing publishers to reap the benefits of CDNs. Crucially, Stickler achieves these guarantees without requiring modifications to the browser.
In text/plain format

Archived Files and Locations

application/pdf  646.9 kB
file_agswavai2fg2losbbqfqtopkim
arxiv.org (repository)
web.archive.org (webarchive)
Read Archived PDF
Preserved and Accessible
Type  article
Stage   submitted
Date   2015-06-12
Version   v1
Language   en ?
arXiv  1506.04110v1
Work Entity
access all versions, variants, and formats of this works (eg, pre-prints)
Catalog Record
Revision: def71b4d-4f59-4935-a228-2d67e9ae1291
API URL: JSON