TY - GEN
T1 - Oblique
T2 - 18th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2021
AU - Ko, Ronny
AU - Mickens, James
AU - Loring, Blake
AU - Netravali, Ravi
N1 - Publisher Copyright:
© 2021 by The USENIX Association.
PY - 2021
Y1 - 2021
N2 - Mobile devices are often stuck behind high-latency links. Unfortunately for mobile browsers, latency (not bandwidth) is often the key influence on page load time. Proxy-based web accelerators hide last-mile latency by analyzing a page's content, and informing clients about useful objects to prefetch. However, most accelerators require content providers to divulge cleartext HTTPS data to third-party analysis servers. Acceleration systems can be installed on first-party web servers, avoiding the violation of end-to-end TLS security; however, due to the administrative overhead (and additional VM costs) associated with running an accelerator, many first-party content providers would prefer to outsource the acceleration work-if outsourcing could be secure. In this paper, we introduce Oblique, a third-party web accelerator which enables secure outsourcing of page analysis. Oblique symbolically executes the client-side of a page load, generating a prefetch list of symbolic URLs. Each symbolic URL describes a URL that a client browser should fetch, given user-specific values for cookies, the User-Agent string, and other sensitive variables. Those sensitive values are never revealed to Oblique's analysis server. Instead, during a real page load, the user's browser concretizes URLs by reading sensitive local state; the browser can then prefetch the associated objects. Experiments involving real sites demonstrate that Oblique preserves TLS integrity while providing faster page loads than state-of-the-art accelerators. For popular sites, Oblique is also financially cheaper in terms of VM costs.
AB - Mobile devices are often stuck behind high-latency links. Unfortunately for mobile browsers, latency (not bandwidth) is often the key influence on page load time. Proxy-based web accelerators hide last-mile latency by analyzing a page's content, and informing clients about useful objects to prefetch. However, most accelerators require content providers to divulge cleartext HTTPS data to third-party analysis servers. Acceleration systems can be installed on first-party web servers, avoiding the violation of end-to-end TLS security; however, due to the administrative overhead (and additional VM costs) associated with running an accelerator, many first-party content providers would prefer to outsource the acceleration work-if outsourcing could be secure. In this paper, we introduce Oblique, a third-party web accelerator which enables secure outsourcing of page analysis. Oblique symbolically executes the client-side of a page load, generating a prefetch list of symbolic URLs. Each symbolic URL describes a URL that a client browser should fetch, given user-specific values for cookies, the User-Agent string, and other sensitive variables. Those sensitive values are never revealed to Oblique's analysis server. Instead, during a real page load, the user's browser concretizes URLs by reading sensitive local state; the browser can then prefetch the associated objects. Experiments involving real sites demonstrate that Oblique preserves TLS integrity while providing faster page loads than state-of-the-art accelerators. For popular sites, Oblique is also financially cheaper in terms of VM costs.
UR - http://www.scopus.com/inward/record.url?scp=85106159238&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85106159238&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85106159238
T3 - Proceedings of the 18th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2021
SP - 289
EP - 302
BT - Proceedings of the 18th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2021
PB - USENIX Association
Y2 - 12 April 2021 through 14 April 2021
ER -