The Community for Technology Leaders
Green Image
Issue No. 02 - Mar.-Apr. (2016 vol. 14)
ISSN: 1540-7993
pp: 22-28
Amit Levy , Stanford University
Henry Corrigan-Gibbs , Stanford University
Dan Boneh , Stanford University
ABSTRACT
Website publishers can derive enormous performance benefits and cost savings by directing traffic to their sites through content distribution networks (CDNs). However, publishers who use CDNs must trust they won't modify the site's JavaScript, CSS, images, or other media en route to end users. A CDN that violates this trust could inject ads into websites, downsample media to save bandwidth, or, worse, inject malicious JavaScript code to steal user secrets it couldn't otherwise access. The authors present Stickler, a system for website publishers that guarantees the end-to-end authenticity of content served to users that simultaneously lets publishers reap the benefits of CDNs. Crucially, Stickler achieves these guarantees without requiring modifications to the browser.
INDEX TERMS
Browsers, Servers, Content distribution networks, Cryptography, Privacy, Malware, Computer security
CITATION

A. Levy, H. Corrigan-Gibbs and D. Boneh, "Stickler: Defending against Malicious Content Distribution Networks in an Unmodified Browser," in IEEE Security & Privacy, vol. 14, no. 2, pp. 22-28, 2016.
doi:10.1109/MSP.2016.32
349 ms
(Ver 3.3 (11022016))