Mystique - Uncovering Information Leakage from Browser Extensions
Offered By: Association for Computing Machinery (ACM) via YouTube
Course Description
Overview
Explore the privacy implications of browser extensions in this 23-minute conference talk. Uncover potential information leakage risks associated with third-party code execution in users' browsers. Learn about the Mystique approach to taint tracking, including challenges and solutions like V8, Data Flow Graph (DFG), and control-flow dependencies. Examine real-world examples, estimate true positive rates, and understand the impact on affected users. Gain insights into popular extensions like SimilarWeb and Web of Trust. Discover the limitations of the research and the open-source availability of Mystique for further investigation.
Syllabus
Intro
Browser Extensions
Motivating Example
Privacy Implications
Goals
Overview
Approach
Taint Tracking: Challenges
Addressing the Challenges: V8
Data Flow Graph (DFG)
Control-Flow Dependencies
Implicit Data Flows
Completing the Example
Taint Propagation Points
Estimating True Positive Rates
Number of Affected Users
The SimilarWeb Library
Web of Trust
Limitations
Open-sourcing Mystique
Conclusion
Taught by
Association for Computing Machinery (ACM)
Related Courses
Software as a ServiceUniversity of California, Berkeley via Coursera Software Testing
University of Utah via Udacity The Hardware/Software Interface
University of Washington via Coursera Software Debugging
Saarland University via Udacity Introduction to Systematic Program Design - Part 1
The University of British Columbia via Coursera