资源描述:
《JavaScript Engine FingerprintingJavaScript引擎》由会员上传分享,免费在线阅读,更多相关内容在学术论文-天天文库。
1、FastandReliableBrowserIdentificationwithJavaScriptEngineFingerprintingMartinMulazzani,PhilippReschly,MarkusHuber,ManuelLeithner,SebastianSchrittwieserandEdgarWeipplSBAResearchVienna,AustriayFHCampusWienVienna,AustriaAbstract—Webbrowsersarecrucialsoftwa
2、recomponentsWhiletoday’sbrowsersinterpretawebsite’scodeinintoday’susageoftheInternet,butthereliabledetectionsimilarways(basedonstandards),theactualimplementationsofwhetheraclientisusingaspecificbrowsercanstillbeofthesestandardsdiffer.Thisdiversityofbrowsersh
3、asconsideredanontrivialproblem.ReliablebrowseridentificationalwayscausedheadachesforWebdevelopers,asthesameiscrucialforonlinesecurityandprivacye.g.,regardingdrive-bydownloadsandusertracking,andcanbeusedtoenhancethewebsitecanvaryacrossdifferentbrowserswithres
4、pecttouser’ssecurity.SofartheUserAgentstringisoftenusedtofunctionalityorappearance,requiringadditionaltestingandidentifyagivenbrowser,butitisaself-reportedstringprovideddebuggingofawebsite’scodeinordertoensurecorrectbytheclientandcanbechangedarbitrarily.fun
5、ctionalityinrelevantbrowsers.However,thiscanalsohavesevereimplicationsonprivacyandsecurity.InthisInthispaperweproposeanewmethodforidentifyingwebbrowsersbasedontheunderlyingJavascriptengine,whichcanpaper,weproposeanovelconceptforbrowseridentification,beexecut
6、edontheclientsidewithinafractionofasecond.Ourwhichexploitsexactlytheseimperfectimplementationsofmethodisthreeordersofmagnitudefasterthanpreviousworkstandardsinthedifferentbrowsers.OurworkwasoriginallyonJavascriptenginefingerprinting,andcanbeimplementedwithmo
7、tivatedbythesecurityscannernmap,whichusesTCP/IPwellbelowafewhundredlinesofcode.Weshowthefeasibilityofstackfingerprintingtodeterminetheoperatingsystemofaourmethodwithasurveyanddiscusstheconsequencesforuserprivacyandbrowsersecurity.Furthermore,wecollecteddataf
8、orremotehost.Inaverysimilarway,weusethebrowser’smorethan150browserandoperatingsystemcombinations,andunderlyingJavaScriptengineforbrowseridentification.presentalgorithmstomakebrowseridentificationasfastas