Tool takes aim at ad attacks

ADJAIL tool helps prevent security problems with ad networks

WASHINGTON, DC --Web advertisements are one of the more pesky ways malicious  hackers have been using to steal all manner of private information or deliver other sorts of malware. One of the worst examples of this activity was last year's New York Times.com attack ad

Due to the dangers of rogue ads, publishers are in great need of an active, technological approach to protect themselves and end users accessing those ads, said Mike Ter Louw of the University of Illinois at Chicago, Department of Computer Science at the Usenix Security Symposium this week. Web publishers frequently integrate third-party advertisements into web pages that also contain sensitive publisher data and end-user personal data. This practice exposes sensitive page content to confidentiality and integrity attacks launched by advertisements, he said. 

Is ubiquitous encryption technology on the horizon? 

University of Illinois researchers are proposing a new tool, known as ADJAIL, that lets publishers protect end users with a mechanism Ter Louw said separates the ad script to a logically hidden area where the tool then evaluates it and enforces policies.

"Our enforcement strategy starts by fetching and executing ads in a hidden "sandbox" environment in the user's browser, thus shielding the end user and web application from many harmful effects.  In order to preserve the user experience, all ad user interface elements are then extracted from the sandbox and communicated back to the original page environment, as permitted by the publisher's policy. This step lets the user see and interact with the ad as if no interposition happened. All user actions are communicated back to the sandbox, thus completing a two-way message conduit for synchronization," researchers stated in their paper on ADJAIL.

Ter Louw said ADJAIL doesn't impact the all important number of ad clicks and impression counts and works with most major ad networks such as AdBrite, Clicksor, Federated Media, Google, Microsoft and Yahoo!  The prototype is designed to be compatible with several mainstream browsers including Google Chrome, Firefox,Internet Explorer 8, Safari and Opera. It is not compatible with IE 7.x or below. 

A key benefit of ADJAIL is compatibility with the existing web usage models, requiring no changes to ad networks or browsers employed by end users. Our approach offers publishers a promising near term solution until web standards support for confinement of advertisements evolves to offer solutions agreeable to all parties, the researchers stated.

 Follow Michael Cooney on Twitter: nwwlayer8  

Layer 8 Extra

Check out these other hot stories:

NASA universe-watching satellite losing its cool

Group wants to protect privacy as electronic toll systems grow

Do we need a Federal law for electronics recycling?

NASA's head techie seeks brightest systems engineers of the future

FTC busts domain name scammers

NASA wants small robots to land on the Moon

NASA goes after lighting storms on Earth

Who really sets global cybersecurity standards?

Sun storm promises Northern light show extravaganza

NASA, ESA, pick key Mars joint mission instruments

Researchers touts glass invisibility cloak

X Prize opens $1.4M competition for technology to rapidly clean up oil spills

US military wants to protect social media privacy

FBI details worst social networking cyber crime problems

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.