Stickler: Defending Against Malicious CDNs in an Unmodified Browser
release_6t4fbirpxff7hnkgv5izqwwpxe
by
Amit Levy, Henry Corrigan-Gibbs, Dan Boneh
2015
Abstract
Website publishers can derive enormous performance benefits and cost savings
by directing traffic to their sites through content distribution networks
(CDNs). However, publishers who use CDNs today must trust their CDN not to
modify the site's JavaScript, CSS, images or other media en route to end users.
A CDN that violates this trust could inject ads into websites, downsample media
to save bandwidth or, worse, inject malicious JavaScript code to steal user
secrets it could not otherwise access. We present Stickler, a system for
website publishers that guarantees the end-to-end authenticity of content
served to end users while simultaneously allowing publishers to reap the
benefits of CDNs. Crucially, Stickler achieves these guarantees without
requiring modifications to the browser.
In text/plain
format
Archived Files and Locations
application/pdf 646.9 kB
file_agswavai2fg2losbbqfqtopkim
|
arxiv.org (repository) web.archive.org (webarchive) |
1506.04110v1
access all versions, variants, and formats of this works (eg, pre-prints)