Henry
Corrigan-
Gibbs

background

publications

talks

teaching

personal

Contact
  • my email address is henrycg at csail / mit / edu
  • Pronouns: he/him
Office Address
  • 32 Vassar Street
  • Room 32-G970
  • Cambridge, MA 02139
 

Stickler: Defending Against Malicious CDNs in an Unmodified Browser

Amit Levy, Henry Corrigan-Gibbs, and Dan Boneh

Web 2.0 Security and Privacy Workshop (W2SP)
May 21, 2015, San Jose, California

Invited to appear in IEEE Security and Privacy Magazine

Materials
  • Proceedings version: PDF (646 KB)
  • IEEE S&P Magazine Version: PDF (997 KB)
Abstract

Website publishers can derive enormous performance benefits and cost savings by directing traffic to their sites through content distribution networks (CDNs). However, publishers who use CDNs today must trust their CDN not to modify the site's JavaScript, CSS, images or other media en route to end users. A CDN that violates this trust could inject ads into websites, downsample media to save bandwidth or, worse, inject malicious JavaScript code to steal user secrets it could not otherwise access. We present Stickler, a system for website publishers that guarantees the end-to-end authenticity of content served to end users while simultaneously allowing publishers to reap the benefits of CDNs. Crucially, Stickler achieves these guarantees without requiring modifications to the browser.

 

MIT | CSAIL | Accessibility