Offense Presentation for AdJail

Stephen Duraski and Allen Zeng

Motivation for Implementation?
  • One class of rogue ads, those that involve social engineering, depends on the content of the ad itself.
  • Content such as fake anti-virus scanners is not actually prevented by this system, which has no controls on the content of the ad.
  • The New York Times example
Difficulty for each publisher to implement
  • This system requires a significant rewrite of the ad portion of a publisher's page.
  • Is the time spent on the implementation worth it, given that any mistake would threaten the publisher's ability to make money from their site?
Rendering a shadow page for each ad?
  • Every ad will need a separate shadow page with a unique URI. This increases the complexity and difficulty of maintaining a site.
  • Sites often use multiple ad networks simultaneously. AdJail would potentially require managing a large number of extra domains for proper use of the Same-Origin Policy.
Overhead Time
  • Paper states that rendering time is increased by 1.69%
    • NOT an insignificant amount of time
    • ~400ms to ~700ms for Google Ads
  • Advertisers will not appreciate their ads being rendered slowly, and may react negatively
  • Amazon loses 1% of sales for every 100ms delay:
    • http://www.exp-platform.com/Documents/IEEEComputer2007OnlineExperiments.pdf
  • Google: “Experiments demonstrate that increasing web search latency 100 to 400 ms reduces the daily number of searches per user by 0.2% to 0.6%.”
    • http://services.google.com/fh/files/blogs/google_delayexp.pdf
  • Google revenue dropped 20% in an experiment that slowed the page down by 0.5 seconds
    • http://glinden.blogspot.com/2006/11/marissa-mayer-at-web-20.html
Usability and Scalability Issues
  • Currently uses Regular Expressions for textual transformation
  • Cannot possibly do this for the hundreds of existing Ad Networks
    • Will ultimately work for some but fail for most
Real - Shadow Page Communication
  • "To facilitate voluntary communication between the two pages, we leverage the window.postMessage() browser API. postMessage() is an inter-origin frame communication mechanism that enables two collaborating frames to share data in a controlled way, even when SOP is in effect"
  • What prevents an ad from using the same API call to send its own data?
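
The question above is why the receiving page cannot rely on `event.origin` alone: ad script runs inside the shadow frame and passes the same origin and source checks. The following is an added example (not code from the AdJail paper or from the presenters) of a real-page receiver that validates every message against a content policy; the origin, message shape, policy fields and the `applyToRealPage` helper are all assumptions.

```javascript
// Added example: receiver-side checks for messages arriving from a shadow page.
// Origin, message shape and policy below are assumptions, not AdJail's protocol.
const SHADOW_ORIGIN = "https://shadow.publisher.example"; // constructed value
const POLICY = {
  allowedOps: new Set(["setText", "setImage"]),
  allowedImageHosts: new Set(["ads.network.example"]), // constructed value
  maxTextLength: 200,
};

// Returns { ok, reason }. `shadowWindow` is the shadow iframe's contentWindow.
function validateShadowMessage(event, shadowWindow, policy = POLICY) {
  // Origin and source only prove the message came from the shadow frame.
  // Ad script runs in that same frame, so it passes these two checks too.
  if (event.origin !== SHADOW_ORIGIN) return { ok: false, reason: "origin" };
  if (event.source !== shadowWindow) return { ok: false, reason: "source" };

  // Everything past this point treats the payload as untrusted ad input.
  const msg = event.data;
  if (msg === null || typeof msg !== "object") return { ok: false, reason: "shape" };
  if (!policy.allowedOps.has(msg.op)) return { ok: false, reason: "op" };

  if (msg.op === "setText") {
    if (typeof msg.text !== "string" || msg.text.length > policy.maxTextLength)
      return { ok: false, reason: "text" };
    return { ok: true, reason: null };
  }

  // op === "setImage": only https URLs on allowlisted hosts are accepted.
  let url;
  try { url = new URL(msg.src); } catch { return { ok: false, reason: "url" }; }
  if (url.protocol !== "https:" || !policy.allowedImageHosts.has(url.hostname))
    return { ok: false, reason: "url" };
  return { ok: true, reason: null };
}

// Browser wiring (commented out so the block also runs under Node):
// window.addEventListener("message", (e) => {
//   const verdict = validateShadowMessage(e, shadowFrame.contentWindow);
//   // applyToRealPage is a hypothetical helper that writes via textContent / img.src
//   if (verdict.ok) applyToRealPage(e.data);
// });
```

Accepted text should be written to the real page with `textContent` rather than `innerHTML`, so a message that passes validation still cannot introduce markup.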
What happens with bad ads?
  • An ad contains "unallowed" JavaScript code
    • It gets rendered on the shadow page. Is anything communicated to the ad network or the user that content was blocked?
  • Does the ad network get charged?
    • Unclear in paper
Evaluation Issues
  • What test pages were used?
    • No examples given
  • Test parameters were modified for each ad network so that it would work