CySER Virtual Seminar – Peeking Through the Keyhole: Exploring Web-Based Privacy-Invasive Attacks

About the event

Title: Peeking Through the Keyhole: Exploring Web-Based Privacy-Invasive Attacks

Speaker: Xu Lin

Abstract: In today’s interconnected world, the Web has become an indispensable part of our daily lives, with web browsers serving as the central hub of our digital existence. While the continuous enhancement of modern browser functionalities substantially improves the user experience, it also opens the door to new and potentially serious security and privacy threats. This talk aims to shed light on our recent efforts to identify vulnerabilities within emerging web features and conduct an analysis of the corresponding countermeasures. First, we will look at browser form autofill functionality, a convenient tool that, unfortunately, harbors a hidden danger—a novel side-channel attack that can surreptitiously harvest sensitive user information. Next, we will delve into browser fingerprinting, a controversial tracking technique that introduces flaws that allow adversaries to gain unauthorized access to user accounts, especially in critical and high-value financial services. We will conclude the talk on how the outcome of this series of research projects can be adopted in real-world applications to enhance security and privacy.

Speaker Bio: Xu Lin is an Assistant Professor in the School of Electrical Engineering and Computer Science (EECS) at Washington State University, Pullman. Her research interests revolve around web security and privacy, with a recent focus on investigating online tracking techniques and tackling pitfalls in authentication mechanisms. Her research aims to explore the Web’s threat landscape and develop countermeasures to protect user privacy. Her work has been published in top-tier security venues, including S&P, USENIX Security, and CCS.

Learn more about CySER: cyser.wsu.edu