
Research Article
Identity Armour: User Controlled Browser Security
@INPROCEEDINGS{10.1007/978-3-030-63086-7_26,
  author={Ross Copeland and Drew Davidson},
  title={Identity Armour: User Controlled Browser Security},
  proceedings={Security and Privacy in Communication Networks. 16th EAI International Conference, SecureComm 2020, Washington, DC, USA, October 21-23, 2020, Proceedings, Part I},
  proceedings_a={SECURECOMM},
  year={2020},
  month={12},
  keywords={Web security, User privacy, Cross-site scripting},
  doi={10.1007/978-3-030-63086-7_26}
}
- Ross Copeland
- Drew Davidson
Year: 2020
SECURECOMM
Springer
DOI: 10.1007/978-3-030-63086-7_26
Abstract
As dynamic technologies are deployed to make the web more responsive and feature-rich, the abuse of these capabilities has given rise to emergent privacy and security concerns. At the same time, the prevalence of targeted advertising-driven revenue streams has built an incentive to amass more information about visitors and little incentive to prevent third-party entities from collecting such data. We create a prototype policy enforcement system called Identity Armour that is purely client-side, requiring no cooperation from the site developer. Our system can enforce policies over the functionality of practical JavaScript, including the ability to prevent data that users consider to be sensitive and to prevent functions that the user considers to be prohibited from being executed. We show that Identity Armour is effective at stopping real privacy leakages, and equips users with modern web protections even when first-party developers fail to supply policies themselves.