Titre :

Mitigating browser fingerprint tracking: multi-level reconfiguration and diversification

Auteur(s) :

Laperdrix, Pierre [Auteur]
Diversity-centric Software Engineering [DiverSe]
Rudametkin, Walter [Auteur]
Université de Lille, Sciences et Technologies
Self-adaptation for distributed services and large software systems [SPIRALS]
Baudry, Benoit [Auteur]
Diversity-centric Software Engineering [DiverSe]

Titre de la manifestation scientifique :

Proceedings of the IEEE/ACM 10th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS)

Ville :

Firenze

Pays :

Italie

Date de début de la manifestation scientifique :

2015-05-18

Discipline(s) HAL :

Informatique [cs]/Génie logiciel [cs.SE]
Informatique [cs]/Cryptographie et sécurité [cs.CR]
Informatique [cs]/Recherche d'information [cs.IR]

Résumé en anglais : [en]

The diversity of software components (e.g., browsers, plugins, fonts) is a wonderful opportunity for users to customize their platforms. Yet, massive customization creates a privacy issue: browsers are slightly different ...
Lire la suite >The diversity of software components (e.g., browsers, plugins, fonts) is a wonderful opportunity for users to customize their platforms. Yet, massive customization creates a privacy issue: browsers are slightly different from one another, allowing third parties to collect unique and stable fingerprints to track users. Although software diversity appears to be the source of this privacy issue, we claim that this same diversity, combined with automatic reconfiguration, provides the essential ingredients to constantly change browsing platforms. Constant change acts as a moving target defense strategy against fingerprint tracking by breaking one essential property: stability over time. We leverage virtualization and modular architectures to automatically assemble and reconfigure software components at multiple levels. We operate on operating systems, browsers, fonts and plugins. This work is the first application of software reconfiguration to build a moving target defense against browser fingerprint tracking. The main objective is to automatically modify the fingerprint a platform exhibits. We have developed a prototype called Blink to experiment the effectiveness of our approach at randomizing fingerprints. We have assembled and reconfigured thousands of platforms, and we observe that all of them exhibit different fingerprints, and that commercial fingerprinting solutions are not able to detect that the different platforms actually correspond to a single user.Lire moins >

Langue :

Anglais

Comité de lecture :

Oui

Audience :

Internationale

Vulgarisation :

Non

Collections :

• Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189

Source :

Harvested from HAL