CISPA
Browse

Accountable Javascript Code Delivery

Download (516.47 kB)
conference contribution
posted on 2023-11-29, 18:25 authored by Ilkan Esiyok, Pascal Berrang, Katriel Cohn-Gordon, Robert KünnemannRobert Künnemann
The Internet is a major distribution platform for web applications, but there are no effective transparency and audit mechanisms in place for the web. Due to the ephemeral nature of web applications, a client visiting a website has no guarantee that the code it receives today is the same as yesterday, or the same as other visitors receive. Despite advances in web security, it is thus challenging to audit web applications before they are rendered in the browser. We propose Accountable JS, a browser extension and opt-in protocol for accountable delivery of active content on a web page. We prototype our protocol, formally model its security properties with the TAMARIN Prover, and evaluate its compatibility and performance impact with case studies including WhatsApp Web, AdSense and Nimiq. Accountability is beginning to be deployed at scale, with Meta’s recent announcement of Code Verify available to all 2 billion WhatsApp users, but there has been little formal analysis of such protocols. We formally model Code Verify using the TAMARIN Prover and compare its properties to our Accountable JS protocol. We also compare Code Verify’s and Accountable JS extension’s performance impacts on WhatsApp Web.

History

Preferred Citation

Ilkan Esiyok, Pascal Berrang, Katriel Cohn-Gordon and Robert Künnemann. Accountable Javascript Code Delivery. In: Network and Distributed System Security Symposium (NDSS). 2023.

Primary Research Area

  • Algorithmic Foundations and Cryptography

Name of Conference

Network and Distributed System Security Symposium (NDSS)

Legacy Posted Date

2023-03-23

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3919, title = "Accountable Javascript Code Delivery", author = "Esiyok, Ilkan and Berrang, Pascal and Cohn-Gordon, Katriel and Künnemann, Robert", booktitle="{Network and Distributed System Security Symposium (NDSS)}", year="2023", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC