Preserving Privacy Against Side-Channel Leaks - From Data Publishing to Web Applications

-Oct. 2020 1039-1050 The Overhead from Combating Side-Channels in Cloud Systems Using VM-Scheduling. ... -Dec. 2020 1333-1344 Computability The Overhead from Combating Side-Channels in Cloud Systems Using VM-Scheduling. ... Sensitivity Analysis for Non-Interactive Differential Privacy: Bounds and Efficient Algorithms. Inan, A., +, TDSC Jan.-Feb. 2020 194-207 ...

doi:10.1109/tdsc.2020.3038615 fatcat:vzqqhgq3rrda3atviwpz65ch5e

The encrypted traffic of many popular Web applications may actually disclose highly sensitive data due to the side channel attack, and consequently lead to serious breaches of user privacy. ... In the proposed system a similarity has been identified between the privacy preserving traffic padding (PPTP) issue and well studied problem privacy preserving data publishing (PPDP). ... well studied hard question, namely, privacy preserving data publishing (PPDP) . ...

doi:10.15623/ijret.2015.0408027 fatcat:4l2kffhjdffxleavktuwakg6ly

Open Access

To help users protect their privacy, we have designed and implemented Private Web Search (PWS), a usable client-side tool that minimizes the information that users reveal to a search engine. ... Our tool protects users against attacks that involve active components and timing information, to which more general Web-browsing privacy tools (including the combination of FoxTor and Privoxy) are vulnerable ... Solutions to privacy-preserving data publishing therefore suggest solutions to private web search. ...

doi:10.1145/1314333.1314351 dblp:conf/wpes/Saint-JeanJBF07 fatcat:3gv7cmctu5g25fz2gqn2hsupkq

Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web. ... Online advertising, the pillar of the "free" content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers ... ACKNOWLEDGMENT We would also like to thank the anonymous reviewers for their immensely helpful suggestions to improve the readability and contents of this paper. ...

doi:10.1016/j.comcom.2016.12.016 fatcat:qkct7qifnnahxd4tvlau3e6wiy

We show that despite encryption, such a side-channel information leak is a realistic and serious threat to user privacy. ... Therefore, effective defense against the side-channel leaks is a future research topic with strong practical relevance. ... Rob Oikawa, Jim Oker and Yi-Min Wang spent significant efforts helping resolve the issues related to publishing this research. We also thank anonymous reviewers for valuable comments. ...

doi:10.1109/sp.2010.20 dblp:conf/sp/ChenWWZ10 fatcat:5eh7kc6rrrhvnivnwqkzuihz4m

Preservation of user privacy is however essential for successful deployment of such a system. ... MobiAd would perform a range of data mining tasks in order to maintain an interest profile on the user's phone, and use the infrastructure network to download and display relevant ads and reports the clicks ... Acknowledgment We wish to acknowledge Tristan Henderson, Joss Wright and anonymous reviewers for constructive feedback on the security and privacy strategies. ...

doi:10.1145/1859983.1859993 fatcat:hflvlbmhazf2lavrhcn3u7qqgi

Therefore, we designed a lightweight obfuscation and encryption model to defend against honest-but-curious behavior attack. ... We propose a protocol for privacy-preserving P2P information sharing for mobile social networking; because of the limitation of computation and communication for mobile devices, traditional privacy-preserving ... From the applications on mobile social networking, we have found that Privacy-preserving peer-to-peer information sharing protocol is significant for mobile social networking users. ...

doi:10.7763/ijcce.2013.v2.200 fatcat:2celxzvcorbm3f3h33f6vemsny

In particular, recent research revealed that many high profile Web applications might cause sensitive user inputs to be leaked from encrypted traffic due to side-channel attacks exploiting unique patterns ... In this paper, we first observe an interesting similarity between this privacy-preserving traffic padding (PPTP) issue and another well studied problem, privacy-preserving data publishing (PPDP). ... Privacy Preservation in Web Applications: The privacy preserving issue has received significant attentions in various domains, such as, data publishing and data mining [15] [34] , network [5] [ ...

doi:10.1109/tdsc.2014.2302308 fatcat:z4vnkpqiufamjcjqnp36puz5sm

The seminar brought 44 web security researchers together, coming from companies and research institutions across Europe and the US. ... This report documents the program and the outcomes of Dagstuhl Seminar 12401 "Web Application Security". ... Google Web Toolkit (GWT). ...

doi:10.4230/dagrep.2.10.1 dblp:journals/dagstuhl-reports/DesmetJLS12 fatcat:qkke5ohg6fcblf5prpes3a4znm

This study investigates how to continuously release privacy-preserving histograms (or distributions) from online streams of sensitive data by combining DP and semantic web technologies. ... This study investigates how to continuously release privacy-preserving histograms (or distributions) from online streams of sensitive data by combining DP and semantic web technologies. ... This study investigates how to continuously publish data extracted from private data streams containing user-related information to the web of data in a privacy-preserving manner. ...

doi:10.1145/3366423.3380265 dblp:conf/www/DellAglioB20 fatcat:62dylyzztfaotp4xdf45wqo7h4

Today there is a constant battle between privacy advocates and advertisers, where advertisers try to push new personalization technologies, and privacy advocates try to stop them. ... As long as privacy advocates, however, are unable to propose an alternative personalization system that is private, this is a battle they are destined to lose. ... They suggest the separation of profile managers from user by use of anonymous networks and web proxies. The profile management side can be done at the user end. ...

doi:10.1007/978-3-642-04280-5_14 fatcat:uqstvvk4irbutgckw455gykyqy

In particular, recent research revealed that many high profile Web applications might cause private user information to leak from encrypted traffic due to side-channel attacks exploiting packet sizes and ... While web-based applications are becoming increasingly ubiquitous, they also present new security and privacy challenges. ... side-channel leaks. ...

doi:10.1007/978-3-642-31680-7_5 fatcat:x4vwapxotfh2rdcc7qxffqkos4

Preservation of user privacy, however, is essential for successful deployment of such a system. ... In this chapter we provide an overview of existing advertising systems and privacy concerns on mobile phones, in addition to a system, MobiAd, which includes protocols for scalable local advertisement ... This information is in essence an aggregation of information from the user's web history, application caches and keyword extractions from activities on social networks and email. ...

doi:10.1007/978-0-85729-352-7_6 dblp:series/hci/HaddadiHHB11 fatcat:65pjhgm2gjgpfnqhs2aquzedqu

Other approaches provide full privacy by moving all data and processing logic to clients – but which is prohibitively expensive for both clients and servers. ... In order to preserve the possibility of an Internet that is free at the point of use, attention is turning to new solutions that would allow targeted advertisement delivery based on behavioral information ... Such systems preserve privacy since the user does not leak to third parties any information as to which content it is requesting from the database. ...

arXiv:2109.08189v1 fatcat:2oynhqqqyvbbhiizgvqw4xjefa

More precisely, we show that an attacker can use seemingly benign features to build side channel attacks that measure and exfiltrate almost arbitrary data displayed on a given website. ... Through several case studies, we introduce the so called scriptless attacks and demonstrate that an adversary might not need to execute code to preserve his ability to extract sensitive information from ... By keeping the browser from contacting URLs that do not belong to the domain of the web application, this tool prevents an adversary from leaking sensitive data to his server. ...

doi:10.1145/2382196.2382276 dblp:conf/ccs/HeiderichNSHS12 fatcat:qf27r473mvdtxakegcujj6w6cm

2020 Index IEEE Transactions on Dependable and Secure Computing Vol. 17

Preserved Fulltext

SECURING WEB-BASED APPLICATIONS WITH PRIVACY PRESERVING TRAFFIC PADDING

Preserved Fulltext

Private web search

Preserved Fulltext

Online advertising: Analysis of privacy threats and protection approaches

Preserved Fulltext

Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow

Preserved Fulltext

MobiAd

Preserved Fulltext

Privacy-Preserving P2P Information Sharing Protocol for Mobile Social Networks

Preserved Fulltext

PPTP: Privacy-Preserving Traffic Padding in Web-Based Applications

Preserved Fulltext

Web Application Security (Dagstuhl Seminar 12401)

Preserved Fulltext

Differentially Private Stream Processing for the Semantic Web

Preserved Fulltext

Not All Adware Is Badware: Towards Privacy-Aware Advertising [chapter]

Preserved Fulltext

k-Indistinguishable Traffic Padding in Web Applications [chapter]

Preserved Fulltext

Targeted Advertising on the Handset: Privacy and Security Challenges [chapter]

Preserved Fulltext

PrivateFetch: Scalable Catalog Delivery in Privacy-Preserving Advertising [article]

Preserved Fulltext

Scriptless attacks

Preserved Fulltext