Preventing data leakage in web services
DownloadFull printable version (8.433Mb)
Other Contributors
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
Advisor
Nickolai Zeldovich and James Mickens.
Terms of use
Metadata
Show full item recordAbstract
Web services like Google, Facebook, and Dropbox are a regular part of users' lives. However, using these applications can cause sensitive data leakage both on the server and client. On the server-side, applications collect and analyze sensitive user data to monetize it. Consequently, this sensitive data can leak through data breaches or can be accessed by malicious service providers. On the client, when a user accesses a web service through the browser, sensitive user information may leak outside of the browser, e.g., to DNS interfaces or the swap space. An attacker who accesses the user device after a session has terminated can view this information. This dissertation presents two practical, secure systems, Veil and Splinter, that prevent some of this data leakage. Veil minimizes client-side information leakage from the browser by allowing web application developers to enforce stronger private browsing semantics without browser support. Splinter allows the server to properly respond to a user query without the server learning any sensitive information present in the query.
Description
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018. Cataloged from PDF version of thesis. Includes bibliographical references (pages 77-86).
Date issued
2018Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer SciencePublisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.