TWC: Small: Emerging Attacks Against the Mobile Web and Novel Proxy Technologies for Their Containment
Nick Nikiforakis (Principal Investigator)
Nima Honarmand (Co-Principal Investigator)
Users entrust their mobile devices with sensitive data, including business emails, as well as health and financial information. Thus, mobile devices have become an increasingly popular target for attackers. Mobile devices house powerful browsers that are vulnerable to at least as many attacks as their desktop counterparts. Yet, the security of these mobile browsers is understudied by researchers, leading to a lack of current information about ongoing attacks and possible defenses. This project is gathering up-to-date information about potential attacks against mobile browsers, and developing defense systems that can safeguard a user while taking into account the intricacies of the mobile platform.
To help researchers better understand and prioritize protections for potential attacks against mobile browsers, the project is first developing an attack taxonomy that includes information about cornerstone vulnerabilities on which current and future attack vectors can rely. Second, the project is developing an automated vulnerability assessment framework to assist analysts in identifying which browsers are vulnerable to which attacks. Finally, the project is developing a protection proxy to allow cloud-based analysis of traffic to the resource-constrained mobile device, while avoiding proxying of privacy-sensitive activities. The information gained through this project will inform the research community of the vulnerabilities of the mobile web platform and help to prioritize future research efforts toward developing the most effective and performant defenses.