摘要 :
Desktop browsers have introduced private browsing mode, a security control which aims to protect users' data that are generated during a private browsing session by not storing them in the filesystem. As the Internet becomes ubiqu...
展开
Desktop browsers have introduced private browsing mode, a security control which aims to protect users' data that are generated during a private browsing session by not storing them in the filesystem. As the Internet becomes ubiquitous, the existence of this security control is beneficial to users, since privacy violations are increasing, while users tend to be more concerned about their privacy when browsing the web in a post-Snowden era. In this context, this work examines the protection that is offered by the private browsing mode of the most popular desktop browsers in Windows (i.e., Chrome, Firefox, IE and Opera). Our experiments uncover occasions in which even if users browse the web with a private session, privacy violations exist contrary to what is documented by the browser. To raise the bar of privacy protection that is offered by web browsers, we propose the use of a virtual filesystem as the storage medium of browsers' cache data. We demonstrate with a case study how this countermeasure protects users from the privacy violations, which are previously identified in this work.
收起
摘要 :
To load a webpage, a web browser first downloads the base HTML file of the page in order to discover the list of objects referenced in the page. This process takes roughly one round-trip time and constitutes a significant portion ...
展开
To load a webpage, a web browser first downloads the base HTML file of the page in order to discover the list of objects referenced in the page. This process takes roughly one round-trip time and constitutes a significant portion of the web browsing delay on mobile devices as wireless networks suffer from longer transmission and access delays compared to wired networks. In this work, we propose a solution for eliminating this initial delay, which is transparent to end systems, does not require modifying HTTP, and is well suited for web browsing on mobile devices. Our solution, called WebPro, relies on a network proxy that builds an up-to-date database of resource lists for the websites visited frequently by network users. The proxy resides in the wired part of the network, and hence can afford to pro-actively build and refresh the resource list database periodically. When a request for a webpage comes to the proxy, it simultaneously fetches the base HTML and all referenced objects required to render the web page using the corresponding resource list stored in the local database. We also show that the benefits of WebPro become more significant by increasing the complexity of webpages as it is able to circumvent the inter-object dependencies in a webpage. We have built a working prototype of WebPro and have used real-world traffic traces along with live experiments over Wi-Fi and LTE networks to assess its performance. Our results show an average of 26% reduction in page load time for a mix of popular web sites chosen from categories such as news, sports and shopping. Moreover, in comparison to another best known proxy-based solution, WebPro provides delay reductions ranging from 5% to 51% for a variety of web sites. (C) 2016 Elsevier B.V. All rights reserved.
收起
摘要 :
The World Wide Web is today the largest information seeking environment. Millions of people use it to satisfy their information needs. Although it is quite easy for able-bodied users to use it, there are still a lot of problems fo...
展开
The World Wide Web is today the largest information seeking environment. Millions of people use it to satisfy their information needs. Although it is quite easy for able-bodied users to use it, there are still a lot of problems for people with disabilities. A major group of them are blind users. Blind users navigate the web in a different and less effective and efficient way especially when it comes to information seeking tasks. To ease the problem we introduced the Browsing Shortcuts (BSs) mechanism to enable blind people to move efficiently to various elements of a web page (e.g. functional elements such as forms, navigational aids, etc.), hence operating effectively as an interaction method and a vital counterbalance to low navigability of web pages. Although there are proofs that navigation performance was improved using the BSs mechanism, this effect had never been examined and explained in detail. In this paper, we re-analyse data collected from past experiments and review BSs usage from a navigation behaviour perspective. This is achieved by a new analysis using a visualisation method of “travel graphs” for studying the navigation methods of blind users. We compare behaviours of blind users using the BSs feature to the ones used without it to determine changes in behaviour. The basic aim behind this analysis is to examine how BSs have affected the navigation behaviour of blind users. We wished to determine how non-visual navigation using BSs assists users in parsing a web page into functional or semantic regions. Additionally, we wished to examine if and how these regions are accessed during an information seeking episode with and without the BSs mechanism. Finally, we wished to examine whether these changes are towards more rationalised information seeking behaviour. In overall, this new analysis of the recorded results indicate that the navigation model using BSs signifies more rationalised navigation and significantly change information seeking behaviour improving both navigability and information seeking performance.
收起
摘要 :
HTTP cookies have been widely used for maintaining session states, personalizing, authenticating, and tracking user behaviors. Despite their importance and usefulness, cookies have raised public concerns on Internet privacy becaus...
展开
HTTP cookies have been widely used for maintaining session states, personalizing, authenticating, and tracking user behaviors. Despite their importance and usefulness, cookies have raised public concerns on Internet privacy because they can be exploited by third-parties to track user behaviors and build user profiles. In addition, stolen cookies may also incur severe security problems. However, current Web browsers lack secure and convenient mechanisms for cookie management. A cookie management scheme, which is easy-to-use and has minimal privacy risk, is in great demand; but designing such a scheme is a challenge. In this paper, we conduct a large scale HTTP cookie measurement and introduce CookiePicker, a system that can automatically validate the usefulness of cookies from a Web site and set the cookie usage permission on behalf of users. CookiePicker helps users achieve the maximum benefit brought by cookies, while minimizing the possible privacy and security risks. We implement CookiePicker as an extension to Firefox Web browser, and obtain promising results in the experiments.
收起
摘要 :
Security and privacy concerns remain a major factor that hinders the whole scale adoption of web-based technology in sensitive situations, such as financial transactions (Gao and Owolabi, 2008; Lichtenstein and Williamson, 2006). ...
展开
Security and privacy concerns remain a major factor that hinders the whole scale adoption of web-based technology in sensitive situations, such as financial transactions (Gao and Owolabi, 2008; Lichtenstein and Williamson, 2006). These concerns impact both end users and content generators. To tackle this problem requires a complimentary technology to the already developed and deployed infrastructure for web security. Hence, we have developed a multi-layer framework for web client security based on mobile code instrumentation. This architecture seeks to isolate exploitable security vulnerabilities and enforce runtime policies against malicious code constructs. Our instrumentation process uniquely integrates both static and dynamic engines and is driven by flexible (XML based) rewrite rules for a scalable operation and transparent deployment. Based on secure equivalents for vulnerable JavaScript objects and methods, our mechanism offers superior runtime performance compared to other approaches. Extensive investigation using four case studies shows that the instrumentation technique provides a potential solution to curb the rising number of security exploits that exist on the web today. In addition, performance data gathered from evaluations on active websites demonstrate that the mechanism has very little impact in terms of user experience; thus making it plausible for adoption by end-users.
收起
摘要 :
Compared with traditional business operations, WWW-based commerce has many advantages, such as timeliness, worldwide communication, hyperlinks, and multimedia. However, there are also several browsing problems, such as getting los...
展开
Compared with traditional business operations, WWW-based commerce has many advantages, such as timeliness, worldwide communication, hyperlinks, and multimedia. However, there are also several browsing problems, such as getting lost, consuming a great amount of time browsing, and lack of customized interactive features. To acquire a competitive advantage over the countless number of Web sites, it is critical to solve these browsing problems. The purpose of this paper is to systematically review all browsing problems and then propose a system architecture for intelligent browsing on the Web. In this architecture, we present five kinds of browsing agents : recommendation agent, new-contents agent, search agent, customized agent, and personal-status agent. In order to support these agents, a user analyzer is provided to maintain the user profile by analyzing log files and CGI parameters. A site monitor is provided to maintain the site database by monitoring all changes to the site. We also developed a prototype to demonstrate the feasibility of the proposed system architecture. Finally, due to the time limitations, a laboratory experiment was carried out to verify the only value of the customized agent. The value of the agent was confirmed.
收起