Web users suffer from security and privacy threats. According to Symantec, 430 million new unique pieces of malware have been discovered in 2015, and over half a billion personal records were stolen or lost in the same year. Defense mechanisms can be classified as reactive approach and proactive approach. Reactive approach is based on attacks that have happened or vulnerabilities that have been discovered. Signature-based detection systems or blacklist-based blocking system belong to this category. Reactive approach works well for known attacks, but it requires prior-knowledge, that is, it cannot respond to unknown vulnerabilities or attackers. My thesis focuses on protecting web users’ security and privacy using proactive approach. Generally, a proactive system should address the following two challenges: first, how to block the attacks when the enemy is unknown; second, how to strive a good balance between security/privacy and compatibility. In this these, I will introduce two of my projects CSPAutoGen and TrackingFree. The former protects web security, while the latter works in web privacy. Both systems adopt proactive approach and I will discuss how each of them addresses the above two challenges.

Last modified

• 04/09/2018

Creator

• Xiang Pan

DOI

• https://doi.org/10.21985/N2668G

Subject

• Computer Science

Keyword

• Web Tracking
• Web Security
• XSS
• Web Privacy
• Proactive System

Date created

• 2017-01-01

Resource type

• Dissertation

Rights statement

• In Copyright