Mystique - Uncovering Information Leakage from Browser Extensions
Offered By: Association for Computing Machinery (ACM) via YouTube
Course Description
Overview
Explore the privacy implications of browser extensions in this 23-minute conference talk. Uncover potential information leakage risks associated with third-party code execution in users' browsers. Learn about the Mystique approach to taint tracking, including challenges and solutions like V8, Data Flow Graph (DFG), and control-flow dependencies. Examine real-world examples, estimate true positive rates, and understand the impact on affected users. Gain insights into popular extensions like SimilarWeb and Web of Trust. Discover the limitations of the research and the open-source availability of Mystique for further investigation.
Syllabus
Intro
Browser Extensions
Motivating Example
Privacy Implications
Goals
Overview
Approach
Taint Tracking: Challenges
Addressing the Challenges: V8
Data Flow Graph (DFG)
Control-Flow Dependencies
Implicit Data Flows
Completing the Example
Taint Propagation Points
Estimating True Positive Rates
Number of Affected Users
The SimilarWeb Library
Web of Trust
Limitations
Open-sourcing Mystique
Conclusion
Taught by
Association for Computing Machinery (ACM)
Related Courses
Introduction to Cyber SecurityUttarakhand Open University, Haldwani via Swayam The Complete Cyber Security Course : Network Security!
Udemy The Beginners 2024 Cyber Security Awareness Training Course
Udemy Modern Browser Security Reports
Pluralsight JavaScript Security Part 1
Infosec via Coursera