Stickler: Defending against Malicious Content Distribution Networks in an Unmodified Browser

Amit Levy, Henry Corrigan-Gibbs, Dan Boneh

Research output: Contribution to journalArticlepeer-review

12 Scopus citations

Abstract

Website publishers can derive enormous performance benefits and cost savings by directing traffic to their sites through content distribution networks (CDNs). However, publishers who use CDNs must trust they won't modify the site's JavaScript, CSS, images, or other media en route to end users. A CDN that violates this trust could inject ads into websites, downsample media to save bandwidth, or, worse, inject malicious JavaScript code to steal user secrets it couldn't otherwise access. The authors present Stickler, a system for website publishers that guarantees the end-to-end authenticity of content served to users that simultaneously lets publishers reap the benefits of CDNs. Crucially, Stickler achieves these guarantees without requiring modifications to the browser.

Original languageEnglish (US)
Article number7448352
Pages (from-to)22-28
Number of pages7
JournalIEEE Security and Privacy
Volume14
Issue number2
DOIs
StatePublished - Mar 1 2016
Externally publishedYes

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
  • Law

Keywords

  • Browsers
  • Computer security
  • Content distribution networks
  • Cryptography
  • Malware
  • Privacy
  • Servers

Fingerprint

Dive into the research topics of 'Stickler: Defending against Malicious Content Distribution Networks in an Unmodified Browser'. Together they form a unique fingerprint.

Cite this