![Page 1: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/1.jpg)
UCognito: Private Browsing without Tears
Present by Zhang He
Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee
![Page 2: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/2.jpg)
Privacy
Browser
Keywords
![Page 3: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/3.jpg)
Private Browsing
![Page 4: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/4.jpg)
Privacy Goals
Stealthiness: should not be stored
Freshness: persistent data should not be used
![Page 5: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/5.jpg)
• Research Problem• Motivation• Major research• Uverifier• Ucognito
• Evaluation• Conclusion• Quiz
Overview
![Page 6: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/6.jpg)
Chrome and FireFox
How do they support the private browsing?
![Page 7: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/7.jpg)
Complexity to implement
![Page 8: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/8.jpg)
Limitation
Each add-on has to take a special care on private modeThis amount of complexity results in many privacy issues in popular add-on.
![Page 9: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/9.jpg)
Bug report samples related to private mode implementation in Firefox and Chrome.
![Page 10: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/10.jpg)
FireFox: takes the approach of manual app re-view
Chrome:
Caveat Interface for Add-on
![Page 11: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/11.jpg)
Testing private browsing
Goal: employ a systematic way to identify and support the features/components that persist data during a browsing session
Environment:feasible with a small code base and in a slow development cycle
![Page 12: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/12.jpg)
• Research Problem• Existing Problem and Motivation• Major research• Uverifier• Ucognito
• Evaluation• Conclusion• Quiz
Overview
![Page 13: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/13.jpg)
Uverifier: Privacy Violation Detector
Three major components:• a script-based driver that drives a browsing session• a system call tracer• an analyzer
Test:• To test stealthiness goal, we run one private session (A) only.• To test freshness goal, we run one public session (A) and one private session (B) consecutively.
![Page 14: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/14.jpg)
Privacy Violations
OCSP cache
PNaCl translation cache
Nvidia’s OpenGL cache
![Page 15: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/15.jpg)
Ucognito
Filesystem sandboxing
Policy system kicks in at two points
![Page 16: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/16.jpg)
Policy System
• CLEAN: create an empty file to prevent file-copying from the original user profile to the private profile
• COPY: copy a file or sub-directory to the private profile from existing user profile, to employ existing settings
• WRITE: allow data to be written back to the user profile after the session closes
![Page 17: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/17.jpg)
![Page 18: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/18.jpg)
IMPLEMENTATION
Sandboxing Layer
• System call hooking:Placed hooks on 50 system calls
• Containing file access:rewrite the path argument on each system call entrance
first argument (path) is on /home/user/.config
rewrite the path to/tmp/ucognito-pid/home/user/.config
![Page 19: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/19.jpg)
UI Layer
![Page 20: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/20.jpg)
Launching a Private Mode
1. Initialization phase2. Browser starting phase3. Browsing phase4. Cleaning phase
Example: Google Chrome web browser
Whole procedure:
![Page 21: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/21.jpg)
• Research Problem• Motivation• Major research• Uverifier• Ucognito
• Evaluation• Conclusion• Quiz
Overview
![Page 22: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/22.jpg)
Evaluation
1. What are the use cases for UCOGNITO?
2. How flexible and general is UCOGNITO’s policy in implementing private browsing schemes of popular browsers?
3. How much is the performance overheads?
![Page 23: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/23.jpg)
Preventing Privacy Violations
OCSP cache
PNaCl translation cache
Nvidia’s OpenGL cache
UCOGNITO is able to mitigate all these privacy violation cases
![Page 24: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/24.jpg)
Supporting Add-ons
![Page 25: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/25.jpg)
Policy Flexibility
![Page 26: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/26.jpg)
Browsing Performance
![Page 27: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/27.jpg)
![Page 28: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/28.jpg)
• Research Problem• Motivation• Major research• Uverifier• Ucognito
• Evaluation• Conclusion• Quiz
Overview
![Page 29: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/29.jpg)
CONCLUSION
• Problem:Private browsing is not implemented consistently and correctly in major browsers
• Contribution:UverifierUcognito
Stop all known privacy leaksOverhead (1-2.5%)
• Limitation:Only applied to Chrome and FireFox
![Page 30: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/30.jpg)
• Research Problem• Motivation• Major research• Uverifier• Ucognito
• Evaluation• Conclusion• Quiz
Overview
![Page 31: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/31.jpg)
Quiz
Q1:What is the most important thing(goal) to privacy browsing?
Q2:Why Ucognito don’t requires to change browsers and system kernel?
Q3:When we use CLEAN policy, what will we do if a path is specified as CLEAN?
![Page 32: UCognito: Private Browsing without Tears Present by Zhang He Meng Xu, Yeongjin Jang, Xinyu Xing, Taesoo Kim, and Wenke Lee](https://reader036.vdocuments.net/reader036/viewer/2022062408/56649e9e5503460f94ba094c/html5/thumbnails/32.jpg)
Thank you!