TC: Medium: Collaborative Research: Securing Web Advertisements: Fixing the Short-term Crisis and Addressing Long-term Challenges

TC：媒介：协作研究：保护网络广告：解决短期危机并应对长期挑战

• 批准号: 1065216
• 负责人: Kevin Hamlen
• 金额: $ 52.74万
• 依托单位: University of Texas at Dallas
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-09-01 至 2016-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1065216&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Securing

Malicious and exploitable web advertisements (ads) are widely recognized as a major emerging source of online attacks and privacy violations. Rogue ads can often escape existing weak defenses employed by ad networks and websites, inflicting much harm on end-users. This ad security crisis is exacerbated by several factors: complex mechanisms by which web ads are produced, distributed and deployed; weak filtering strategies of ad networks; web sites' inability to control content supplied by ad networks; and poor browser-level primitives for ad isolation and confinement.This project tackles the ad crisis by developing a comprehensive framework that integrates and extends recent research on browser-level script sandboxing, bytecode in-lined reference monitoring, information flow analysis, and binary code certification. A key priority is to transparently preserve important web ad technologies, such as ad-billing, Flash-JavaScript interoperability, cross-site scripting, and ad network contextual targeting. The complementary strengths of the two PIs forms a natural synergy that lends itself to an elegant and easily adoptable framework for protecting users from the severe online security and privacy risks currently posed by malicious ads.With the web advertisement industry estimated to be at a USD $50 billion mark in 2010, the techniques developed by this project are contributing to the vitality of this industry. To maximize impact, the PIs are transitioning results from this research to the industrial sector engaged in the development of ads as well as their dissemination.

恶意和可利用的网络广告被广泛认为是在线攻击和侵犯隐私的主要新兴来源。流氓广告往往可以逃脱广告网络和网站现有的薄弱防御，给最终用户造成很大伤害。几个因素加剧了这场广告安全危机：制作、分发和部署网络广告的复杂机制；广告网络的过滤策略薄弱；网站无法控制广告网络提供的内容；以及用于广告隔离和限制的浏览器级原语不佳。该项目通过开发一个综合框架来解决广告危机，该框架整合并扩展了最近对浏览器级脚本沙箱、字节码内联引用监控、信息流分析和二进制代码认证的研究。一个关键的优先事项是透明地保留重要的网络广告技术，如广告计费、Flash-JavaScript互操作性、跨站点脚本和广告网络上下文定位。这两个PI的优势互补，形成了一个自然的协同作用，为用户提供了一个优雅且易于采用的框架，以保护用户免受当前恶意广告带来的严重在线安全和隐私风险。2010年，网络广告行业估计达到500亿美元大关，该项目开发的技术正在为该行业的活力做出贡献。为了最大限度地发挥影响，私人投资机构正在将这项研究的成果转移到从事广告开发和传播的工业部门。