ucognito private browsing without tears
play

UCognito: Private Browsing without Tears Meng Xu, Yeongjin Yang, - PowerPoint PPT Presentation

Dec 20, 2023 •179 likes •645 views

UCognito: Private Browsing without Tears Meng Xu, Yeongjin Yang, Xinyu Xing, Taesoo Kim, Wenke Lee Georgia Institute of Technology 1 Private Browsing Mode Private Browsing Incognito Mode Guest Mode InPrivate Private Window 2 Private

  1. UCognito: Private Browsing without Tears Meng Xu, Yeongjin Yang, Xinyu Xing, Taesoo Kim, Wenke Lee Georgia Institute of Technology 1

  2. Private Browsing Mode Private Browsing Incognito Mode Guest Mode InPrivate Private Window 2

  3. Private Browsing Mode Private Browsing Questions: Incognito Mode Guest Mode • Same ? • Expected ? InPrivate • Implemented ? • Private ? Private Window 3

  4. Private Browsing Mode Private Browsing Questions: Incognito Mode Guest Mode • Same ? • Expected ? InPrivate • Implemented ? • Private ? Private Window 4

  5. Problem: Different Definitions of Private Browsing Use of persistent data in Chrome Firefox Opera Safari IE private browsing mode Incognito ✘ ✔ ✔ ✔ ✘ Download entries ✔ ✘ ✘ ✔ ✘ SSL self-signed certificate ✔ ✘ ✘ ✔ ✔ Add-on enabled by default 5

  6. Problem: Different Definitions of Private Browsing Use Store Category Incognito Guest Incognito Guest ✔ ✘ ✘ ✘ Browsing history ✘ ✘ ✘ ✘ Cookies ✘ ✘ ✘ ✘ Cache ✘ ✘ ✘ ✘ Local storage ✘ ✘ ✘ ✘ Flash storage ✔ ✘ ✘ ✘ Download entries ✔ ✘ ✘ ✘ Autofills ✔ ✘ ✔ ✘ Bookmarks ✔ ✘ ✘ ✘ Per-site zoom ✔ ✘ ✘ ✘ Per-site permission ✘ ✘ ✘ ✘ SSL self-signed cert ✔ ✔ ✔ ✔ SSL client cert ✔ ✘ ✔ ✘ Add-on storage 6

  7. Private Browsing Mode Private Browsing Questions: Incognito Mode Guest Mode • Same ? • Expected ? InPrivate • Implemented ? • Private ? Private Window 7

  8. 8

  9. Private Browsing Mode Private Browsing Questions: Incognito Mode Guest Mode • Same ? • Expected ? InPrivate • Implemented ? • Private ? Private Window 9

  10. Implementation is `mimicking` and ad-hoc 1 // @netwerk/cookie/nsCookieService.cpp 2 DBState *mDBState; 3 nsRefPtr<DBState> mDefaultDBState; // DB for normal mode 4 nsRefPtr<DBState> mPrivateDBState; // DB for private mode 5 6 // invoked when initializing session 7 void nsCookieService::InitDBStates() { 8 ... 9 mDefaultDBState = new DBState(); // DB for normal mode 10 mPrivateDBState = new DBState(); // DB for private mode 11 // default: normal mode 12 mDBState = mDefaultDBState; 13 ... 14 } 15 16 // invoked when storing cookies 17 void nsCookieService::SetCookieStringInternal() { 18 ... 19 // decide which cookie DB to use, depending on the mode 20 mDBState = aIsPrivate ? mPrivateDBState : mDefaultDBState; 21 ... 22 } 10

  11. Implementation is `mimicking` and ad-hoc 1 // @netwerk/cookie/nsCookieService.cpp 2 DBState *mDBState; 3 nsRefPtr<DBState> mDefaultDBState; // DB for normal mode 4 nsRefPtr<DBState> mPrivateDBState; // DB for private mode 5 6 // invoked when initializing session 7 void nsCookieService::InitDBStates() { 8 ... 9 mDefaultDBState = new DBState(); // DB for normal mode 10 mPrivateDBState = new DBState(); // DB for private mode 11 // default: normal mode 12 mDBState = mDefaultDBState; 13 ... 14 } 15 16 // invoked when storing cookies 17 void nsCookieService::SetCookieStringInternal() { 18 ... 19 // decide which cookie DB to use, depending on the mode 20 mDBState = aIsPrivate ? mPrivateDBState : mDefaultDBState; 21 ... 22 } 11

  12. Problem: Code complexity grows exponentially • How many duplications ? • cookie, history, cache, download entries, autofills, bookmarks, flash storage … • per-site permission, per-site zoom level, SSL certs … • html5 local storage, indexDB … 12

  13. Problem: Code complexity grows exponentially • How many duplications ? • cookie, history, cache, download entries, autofills, bookmarks, flash storage … • per-site permission, per-site zoom level, SSL certs … • html5 local storage, indexDB … X 3 !!! Normal mode Incognito mode Guest mode 13

  14. Problem: Lack of elegant support for add-ons 1 // 1. Detecting private browsing mode @MDN 2 Components.utils.import( 3 "resource://gre/modules/PrivateBrowsingUtils.jsm"); 4 if (!PrivateBrowsingUtils.isWindowPrivate(window)) { 5 ... 6 } 7 8 // 2. Detecting mode changes @MDN 9 function pbObserver() { /* clear private data */ } 10 var os = Components.classes["@mozilla.org/observer-service;1"] 11 .getService(Components.interfaces.nsIObserverService); 12 os.addObserver(pbObserver, "last-pb-context-exited", false); 14

  15. Private Browsing Mode Private Browsing Questions: Incognito Mode Guest Mode • Same ? • Expected ? InPrivate • Implemented ? • Private ? Private Window 15

  16. 16

  17. Per-site permission reveals browsing history Geolocation API Implemented Bug report Patched standard proposed in Chrome 5.0 51204 rev. 192540 Dec May Aug Apr 2008 2010 2010 2013 17

  18. PNaCl cache reveals browsing history • PNaCl translation cache reveals whether you have previously visited a website. • http://gonativeclient.appspot.com/demo/lua (demo) 18

  19. Problem: Not secure by default • How many places to instrument ? • cookie, history, cache, download entries, autofills, bookmarks, flash storage … ok, these are common • per-site permission, per-site zoom level, SSL certs … hmm, we can think of these 19

  20. Problem: Not secure by default • How many places to instrument ? • html5 local storage, indexDB … new features are coming in! • PNaCl, OCSPResponse … oh I forgot them! 20

  21. Uverifier: Testing Private Browsing Mode open(<file>, “w”) …… open(<file>, “r”) write(<file>, ……) …… …… read(<file>, ……) no delete(<file>) Traces Usage 21

  22. PNaCl cache explanation Normal mode Private mode open(<file>, “w”) …… open(<file>, “r”) write(<file>, ……) …… …… read(<file>, ……) no delete(<file>) Traces Usage <profile>/PnaclTranslationCache/index <profile>/PnaclTranslationCache/data_1 <profile>/PnaclTranslationCache/data_2 <profile>/PnaclTranslationCache/data_3 22

  23. UCognito: Decouple private mode implementation from browser codebase. Private Browsing Incognito Mode Guest Mode InPrivate Private Window 23

  24. Ⓤ UCognito: Decouple private mode implementation from browser codebase. UCognito UCognito Layer Mode 24

  25. Ⓤ UCognito: Decouple private mode implementation from browser codebase. Questions: UCognito • Same ? UCognito Layer • Expected ? Mode • Implemented ? • Private ? 25

  26. Ⓤ UCognito Architecture Browser 26

  27. Ⓤ Step 0: Specify Policies Browser …… Autofill Bookmarks Cookies Cache 27

  28. Ⓤ Step 0: Specify Policies Browser …… Autofill Bookmarks Cookies Cache 28

  29. Ⓤ Step 1: Starting UCognito Browser …… Autofill Bookmarks Cookies Cache …… Autofill Bookmarks Cookies Cache 29

  30. Ⓤ Step 2: Browsing …… Browser Autofill Bookmarks Cookies Cache …… Autofill Bookmarks Cookies Cache …… Autofill Bookmarks Cookies Cache 30

  31. Ⓤ Step 3: Cleaning …… Browser Autofill Bookmarks Cookies Cache …… Autofill Bookmarks Cookies Cache …… Autofill Bookmarks Cookies Cache 31

  32. UCognito Sandbox • Goal: redirecting all path to a contained location • e.g., /home/user/profile/* → /tmp/<pid>/home/user/profile/* • Implementation: seccomp-bpf • Leverage MBox, a lightweight sandboxing for non-root users • Place hooks on 50 system calls that deals with file paths, e.g., open, creat, unlink , stat etc 32

  33. UCognito Policy System • Goal: control trace storage and trace usage on a per-file granularity • Design: • CLEAN : disallow loading of any traces, run browser at its pristine stage • COPY : allow use of existing traces, carrying existing information to the sandbox • WRITE : allow storing of new traces, committing data in sandbox back to file system 33

  34. Default Policy 1 # exclude all files in home directory 2 [clean] 3 ~/ Category Use Store ✘ ✘ Browsing history ✘ ✘ Cookies Whitelist principle: ✘ ✘ Cache ✘ ✘ Local storage ✘ ✘ Flash storage By default, nothing is allowed ✘ ✘ Download entries to be stored or used ✘ ✘ Autofills unless specified in a policy ✘ ✘ Bookmarks ✘ ✘ Per-site zoom ✘ ✘ Per-site permission ✘ ✘ SSL self-signed cert ✘ ✘ SSL client cert ✘ ✘ Add-on storage ✘ ✘ (All others) 34

  35. Chrome Guest Mode 1 # exclude all files in home directory 2 [clean] 3 ~/ 4 5 # Use: SSL client certificates Category Use Store 6 [copy] ✘ ✘ 7 ~/.pki/nssdb/cert9.db Browsing history 8 ✘ ✘ Cookies 9 # write-back client certificates ✘ ✘ Cache 10 [write] 11 ~/.pki/nssdb/cert9.db ✘ ✘ Local storage ✘ ✘ Flash storage ✘ ✘ Download entries ✘ ✘ Autofills ✘ ✘ Bookmarks ✘ ✘ Per-site zoom ✘ ✘ Per-site permission ✘ ✘ SSL self-signed cert ✔ ✔ SSL client cert ✘ ✘ Add-on storage ✘ ✘ (All others) 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On the Privacy of Private Browsing Kiavash Satvat, Ma8

On the Privacy of Private Browsing Kiavash Satvat, Ma8

On the Privacy of Private Browsing Kiavash Satvat, Ma8 Forshaw, Feng Hao, Ehsan Toreini Newcastle University DPM13 IntroducGon 2005, Safari first

996 views • 19 slides
[Selected Slides] Moved to Tears: Considering Tears in Scripture, Worship and the Christian Life

[Selected Slides] Moved to Tears: Considering Tears in Scripture, Worship and the Christian Life

[Selected Slides] Moved to Tears: Considering Tears in Scripture, Worship and the Christian Life PW Churchwide Gathering 2018 Lynn Miller Irritant/refmex tears form in response to pain or to fmush foreign objects out of the eye. They contain

452 views • 18 slides
An Analysis of Private Browsing Modes in Modern Browsers

An Analysis of Private Browsing Modes in Modern Browsers

Stanford Computer Security Lab An Analysis of Private Browsing Modes in Modern Browsers Gaurav Aggarwal, Elie Bursztein, Collin Jackson, Dan Boneh Usenix

653 views • 40 slides
PTT Tears: Options for Full Thickness Tears with Collapse Matrona Giakoumis, DPM Faculty, The

PTT Tears: Options for Full Thickness Tears with Collapse Matrona Giakoumis, DPM Faculty, The

PTT Tears: Options for Full Thickness Tears with Collapse Matrona Giakoumis, DPM Faculty, The New York College of Podiatric Medicine Faculty, The Podiatry Institute OSET ORTHOPAEDIC SUMMIT Evolving Techniques 2017 Conflicts of Interest No

554 views • 23 slides
Models for Models for Retrieval and Browsing Retrieval and Browsing - Structural Models and

Models for Models for Retrieval and Browsing Retrieval and Browsing - Structural Models and

Models for Models for Retrieval and Browsing Retrieval and Browsing - Structural Models and Browsing Berlin Chen 2004 Reference : 1. Modern Information Retrieval , chapter 2 Taxonomy of Classic IR Models Set Theoretic Fuzzy Extended Boolean

837 views • 29 slides
Your Secrets Are Safe : How Browsers Explanations Impact Misconceptions About Private Browsing

Your Secrets Are Safe : How Browsers Explanations Impact Misconceptions About Private Browsing

Your Secrets Are Safe : How Browsers Explanations Impact Misconceptions About Private Browsing Mode Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acar, Sascha Fahl, Blase Ur https://FancyWines.com 2 Yuxi Wu, Miranda Wei | Your Secrets Are

851 views • 51 slides
Performance Metrics for Web Browsing draft fan ippm web metrics 00 Peng Fan

Performance Metrics for Web Browsing draft fan ippm web metrics 00 Peng Fan

Performance Metrics for Web Browsing draft fan ippm web metrics 00 Peng Fan Motivation Web browsing is a basic internet service, with a large population of users and proportion of traffic Understanding web browsing

578 views • 10 slides
Models for Models for Retrieval and Browsing Retrieval and Browsing - Fuzzy Set, Extended

Models for Models for Retrieval and Browsing Retrieval and Browsing - Fuzzy Set, Extended

Models for Models for Retrieval and Browsing Retrieval and Browsing - Fuzzy Set, Extended Boolean, Generalized Vector Space Models Berlin Chen 2004 Reference: 1. Modern Information Retrieval . Chapter 2 Taxonomy of Classic IR Models Set

511 views • 30 slides
and Privacy Protection Xianyi Gao*, Yulong Yang*, Huiqing Fu*, Janne Lindqvist*, Yang Wang+

and Privacy Protection Xianyi Gao*, Yulong Yang*, Huiqing Fu*, Janne Lindqvist*, Yang Wang+

Private Browsing: an Inquiry on Usability and Privacy Protection Xianyi Gao*, Yulong Yang*, Huiqing Fu*, Janne Lindqvist*, Yang Wang+ *Rutgers University +Syracuse University Published in WPES 2014 What is private browsing? Introduced in

632 views • 21 slides
Secure Browsing and Email Web Browsing with HTTPS Secure Email with OpenPGP Organised by Steven

Secure Browsing and Email Web Browsing with HTTPS Secure Email with OpenPGP Organised by Steven

Free Technology Workshop Secure Browsing and Email Web Browsing with HTTPS Secure Email with OpenPGP Organised by Steven Gordon Room RS309 9am - 12noon Friday 27 June 2014 http://ict.siit.tu.ac.th/moodle/ Adresses Local copies of

667 views • 19 slides
Forced/forceful browsing sws2 1 Forced browsing (not in book!) Supplying a URL directly

Forced/forceful browsing sws2 1 Forced browsing (not in book!) Supplying a URL directly

Software and Web Security 2 Forced/forceful browsing sws2 1 Forced browsing (not in book!) Supplying a URL directly (forcing the URL) rather than by accessing it by following links from other pages Modify (numerical) value in known

1.16k views • 38 slides
Indentifying and Repairing Meniscus Root Tears Thomas Carter, MD Phoenix, AZ Meniscal Root

Indentifying and Repairing Meniscus Root Tears Thomas Carter, MD Phoenix, AZ Meniscal Root

Indentifying and Repairing Meniscus Root Tears Thomas Carter, MD Phoenix, AZ Meniscal Root Tears (MRT) tear within 1cm (typically radial) or avulsion of the meniscus insertion loss of circumferential hoop stress and significant

858 views • 24 slides
DAGs with NO TEARS Continuous Optimization for Structure Learning Xun Zheng Bryon Aragam

DAGs with NO TEARS Continuous Optimization for Structure Learning Xun Zheng Bryon Aragam

DAGs with NO TEARS Continuous Optimization for Structure Learning Xun Zheng Bryon Aragam Pradeep Ravikumar Eric Xing Machine Learning Department Carnegie Mellon University November 28, 2018 Xun Zheng (CMU) DAGs with NO TEARS November 28,

723 views • 11 slides
Web Browsing Topics Physical Exchange of Web Web Browsing 101 Technology Information

Web Browsing Topics Physical Exchange of Web Web Browsing 101 Technology Information

10/24/2011 Web Browsing Topics Physical Exchange of Web Web Browsing 101 Technology Information Browsers Web Evolution of Applications Technology NAGTRI Webinar Series NCJRL / NAAG NAGTRI Webinar Series NCJRL / NAAG Personal

267 views • 12 slides
Knee Arthritis and Meniscus Tears: An Evidence Based Approach Brian Feeley, MD Sports Medicine

Knee Arthritis and Meniscus Tears: An Evidence Based Approach Brian Feeley, MD Sports Medicine

Knee Arthritis and Meniscus Tears: An Evidence Based Approach Brian Feeley, MD Sports Medicine and Shoulder Surgery UC San Francisco Using Evidence to Guide Treatment of Degenerative Knee Conditions Degenerative Meniscus Tears Natural

338 views • 30 slides
Agenda CPSC 533C Information Visualization Project Update Motivation: Exploratory browsing?

Agenda CPSC 533C Information Visualization Project Update Motivation: Exploratory browsing?

Agenda CPSC 533C Information Visualization Project Update Motivation: Exploratory browsing? Exploratory Browsing in The ideal infovis solution: what should it be? Music Space Related work: displaying query-based results

473 views • 6 slides
From Final Goods to Inputs: the Cascade Effect of Preferential Rules of Origin Paola Conconi 1 , 2

From Final Goods to Inputs: the Cascade Effect of Preferential Rules of Origin Paola Conconi 1 , 2

From Final Goods to Inputs: the Cascade Effect of Preferential Rules of Origin Paola Conconi 1 , 2 a-Santana 1 Laura Puccio 1 , 3 Manuel Garc Roberto Venturini 1 1 ECARES, Universit e Libre de Bruxelles 2 CEPR and 3 European University

916 views • 57 slides
LARGE SCALE OPEN SOURCE DEVELOPMENT MODELS A COMPARATIVE ANALYSIS By Joe Gordon WHY Saw

LARGE SCALE OPEN SOURCE DEVELOPMENT MODELS A COMPARATIVE ANALYSIS By Joe Gordon WHY Saw

LARGE SCALE OPEN SOURCE DEVELOPMENT MODELS A COMPARATIVE ANALYSIS By Joe Gordon WHY Saw OpenStack grow from around 60 developers to over 2,100 developers Unusual development model But how do other projects solve the same problems? WHY IS

629 views • 34 slides
2021 LEARN TO SWIM GRANTS FOR SWIM LESSON PROVIDERS Overview Eligibility General

2021 LEARN TO SWIM GRANTS FOR SWIM LESSON PROVIDERS Overview Eligibility General

2021 LEARN TO SWIM GRANTS FOR SWIM LESSON PROVIDERS Overview Eligibility General Information Process Helpful Tips Questions? ELIGIBILITY Eligibility Requirements 1. Program must have an approved Swim Lesson Provider Network

415 views • 22 slides
Zenith Project By Kirsten Andrews Research 3 Research The internet: Reaching out to people:

Zenith Project By Kirsten Andrews Research 3 Research The internet: Reaching out to people:

Zenith Project By Kirsten Andrews Research 3 Research The internet: Reaching out to people: - Studio binder - Emailing producer - Film hierarchy - Production assistant 4 5 6 - Monday.com - Daily task list - Budget

698 views • 12 slides
Exam 2 Review Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Format

Exam 2 Review Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Format

Exam 2 Review Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Format Two parts - Part I: Fifty minutes, in-class Short answer questions Probably an attack problem - Part II: Ninety minutes, online

783 views • 29 slides
A complete certificate universal rigidity Bob Connelly and Shlomo Gortler Cornell University and

A complete certificate universal rigidity Bob Connelly and Shlomo Gortler Cornell University and

First Section A complete certificate universal rigidity Bob Connelly and Shlomo Gortler Cornell University and Harvard University connelly@math.cornell.edu and sjg@cs.harvard.edu Retrospective Workshop on Discrete Geometry, Optimization, and

648 views • 27 slides
EQANIE GOALS &amp; ACTIVITIES. THE EURO-INF QUALITY LABEL EDUARDO VENDRELL VIDAL EQANIE

EQANIE GOALS &amp; ACTIVITIES. THE EURO-INF QUALITY LABEL EDUARDO VENDRELL VIDAL EQANIE

EQANIE GOALS &amp; ACTIVITIES. THE EURO-INF QUALITY LABEL EDUARDO VENDRELL VIDAL EQANIE PRESIDENT ECSS 2016 - Oct, 2016. Budapest WHY ACCREDITATION? WHY INFORMATICS ACCREDITATION? THE EURO-INF QUALITY LABEL EUROPEAN

514 views • 36 slides
concerto : A Methodology Towards Reproducible Analyses of TLS Datasets Olivier Levillain, Maxence

concerto : A Methodology Towards Reproducible Analyses of TLS Datasets Olivier Levillain, Maxence

concerto : A Methodology Towards Reproducible Analyses of TLS Datasets Olivier Levillain, Maxence Tury and Nicolas Vivet ANSSI Real World Crypto January 6th 2017 Levillain, Tury, Vivet (ANSSI) concerto @ RWC 2017 2017-01-06 1 / 16 SSL/TLS

679 views • 30 slides

More recommend