TC: Medium: Collaborative Research: Securing Web Advertisements: Fixing the Short-term Crisis and Addressing Long-term Challenges

TC：媒介：协作研究：保护网络广告：解决短期危机并应对长期挑战

• 批准号: 1065537
• 负责人: Venkat Venkatakrishnan
• 金额: $ 61.58万
• 依托单位: University of Illinois at Chicago
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-09-01 至 2016-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1065537&HistoricalAwards=false
• 关键词: TC; Medium; Collaborative; Research; Securing

Malicious and exploitable web advertisements (ads) are widely recognized as a major emerging source of online attacks and privacy violations. Rogue ads can often escape existing weak defenses employed by ad networks and websites, inflicting much harm on end-users. This ad security crisis is exacerbated by several factors: complex mechanisms by which web ads are produced, distributed and deployed; weak filtering strategies of ad networks; web sites' inability to control content supplied by ad networks; and poor browser-level primitives for ad isolation and confinement.This project tackles the ad crisis by developing a comprehensive framework that integrates and extends recent research on browser-level script sandboxing, bytecode in-lined reference monitoring, information flow analysis, and binary code certification. A key priority is to transparently preserve important web ad technologies, such as ad-billing, Flash-JavaScript interoperability, cross-site scripting, and ad network contextual targeting. The complementary strengths of the two PIs forms a natural synergy that lends itself to an elegant and easily adoptable framework for protecting users from the severe online security and privacy risks currently posed by malicious ads.With the web advertisement industry estimated to be at a USD $50 billion mark in 2010, the techniques developed by this project are contributing to the vitality of this industry. To maximize impact, the PIs are transitioning results from this research to the industrial sector engaged in the development of ads as well as their dissemination.

恶意和可剥削的网络广告（AD）被广泛认为是在线攻击和侵犯隐私行为的主要新来源。 流氓广告通常可以逃避广告网络和网站所采用的现有薄弱防御措施，从而对最终用户造成很大的伤害。这种广告安全危机对几个因素加剧了：生产，分布和部署网络广告的复杂机制；广告网络的过滤策略较弱；网站无法控制广告网络提供的内容；以及用于广告隔离和限制的不良浏览器级别的原始图。该项目通过开发一个综合框架来解决AD危机，该框架整合并扩展了有关浏览器级脚本沙盒，字节码内衬里参考监控，信息流量分析和二进制代码认证的最新研究。一个关键的优先事项是透明地保留重要的Web广告技术，例如广告填充，闪存 - JavaScript互操作性，跨站点脚本和广告网络上下文的定位。这两个PI的互补优势形成了一种自然的协同作用，该协同具有一个优雅且易于采用的框架，可保护用户免受恶意广告的严重在线安全性和当前带来的严重隐私风险。据估计，网络广告行业估计在2010年达到500亿美元，该项目为该项目开发的技术促进了该行业的活力。 为了最大程度地发挥影响力，PI正在将这项研究的结果转变为参与广告发展及其传播的工业部门。