Cooperative DOM Access Monitoring (Ongoing work)
Yuchen Zhou and David Evans
Last updated: Feb 25st, 2012
• Introduction
Following up my previous work (ESORICS 11'), the project idea is to automatically generate DOM access models from third party scripts' access patterns. The work is still ongoing and more information will come later.
• Experiment
We were trying to conduct an experiment requiring human browsing behaviors. The platform setup procedure is very easy and can be explained in several steps. We appreciate your participation in this experiment.
*Note*: This experiment is no longer ongoing as of the year 2013.
*Note*: This experiment is no longer ongoing as of the year 2013.
Step 1: If you are not using Firefox as your regular browser, you need to download a version of Firefox that's newer than version 7.0. Firefox download page can be found here. Sadly that we now only supports Firefox browser and we cannot stop you from stepping away from this experiment if you find Firefox an annoying browser to use.
Step 2: After installing Firefox, you need to download an add-on called FoxyProxy standard (Not to be confused with FoxyProxy Basic), more information can be found here. You can simply search for FoxyProxy from Firefox add-on repository and install it. Please note that this add-on is simply a more powerful way to manage proxy servers (only matching URLs will go through my proxy server, therefore minimizing the impact this experiment brings to your daily browsing experience). The current version of FoxyProxy standard as of Feb.25th is 3.5.
If you skip this step and just change your proxy server settings in Firefox, it is going to apply to all websites you visit and creating undesired behavior and/or slow down.
After successfully installing FoxyProxy, you should be able to see something like this:
You may not see the small fox on the bottom-right corner, but it doesn't matter. You can make Firefox show add-on bar (Ctrl+/) in the options to make that button visible.
If you skip this step and just change your proxy server settings in Firefox, it is going to apply to all websites you visit and creating undesired behavior and/or slow down.
Step 3: After installing FoxyProxy, you need to configure FoxyProxy. If you look at the options provided by FoxyProxy it's actually pretty confusing. Fortunately FoxyProxy supports importing/exporting configurations so you can simply download and import this preconfigured file and everything will be fine. (Warning: You may need to right-click on the previous link and manually select "save link as" to download it.) (Warning: You need to restart Firefox after you import the configuration.)
Clicking on the little fox button gives you the following option window. Right-clicking on the blank area in the center and select "Import Settings". Choose the file you downloaded above and import it. If everything goes smoothly, you should end up having a similar or same screen as this:
Clicking on the little fox button gives you the following option window. Right-clicking on the blank area in the center and select "Import Settings". Choose the file you downloaded above and import it. If everything goes smoothly, you should end up having a similar or same screen as this:
Step 4: You are all set! Let me explain what's happened and what will happen afterwards.
What's happened: You've just added a proxy server for some specific sites, the list of sites are available in the settings of your FoxyProxy. Right now it's only nytimes.com. Nothing else has changed.
What will happen: From now on until you choose to opt-out from this experiment by disabling/deleting the extension, all traffic to/from nytimes.com will be redirected to my proxy server. I will manipulate the traffic in a way that should not create any actual differences than if you are not using the proxy. However, while you are visiting a webpage from nytimes.com, since you are redirecting traffic through a proxy server you WILL experience slow downs, but I don't expect it to be too annoying.
Claim: While you are browsing webpages from nytimes.com, I will be automatically recording some of the traffic for model training purposes. I will NOT record any SSL traffic (actually SSL traffic is not redirected to my proxy server), and the recorded traffic will only be used for research purposes and will never be manually studied or released to the public. I WILL be able to see the pages on nytimes.com that all experimentees visited but I will not able to distinguish between diffrent users. I also pledge to use them only for research purposes.
*Important*: We ask you to not trying to do devastating actions such as refresh the page in a extremely high frequency. We currently have an unoptimized code base that does not support high workload consistently. We also do not track users actions individually. So we ask for your cooperation to keep the experiment up and running.
Note: If you NEVER visit any sites listed in the FoxyProxy setting, you essentially never participated in this experiment, even if you have followed every step here. *Browsing experience will not change if you do not visit the sites listed*
Note: If you noticed any bugs in using the proxy, such as a page failed to render correctly, please do not hesitate to contact me at yuchen at virginia dot edu.
Note: If you want to make sure everything is working, you may go to nytimes.com homepage. If the little fox button on the top starts to animate (rotate), it means the traffic is going through my proxy server. If the nytimes.com page renders correctly afterwards, you are golden. At times when my proxy server fails, you may always disable the extension temporarily and try to re-enable it later.
What's happened: You've just added a proxy server for some specific sites, the list of sites are available in the settings of your FoxyProxy. Right now it's only nytimes.com. Nothing else has changed.
What will happen: From now on until you choose to opt-out from this experiment by disabling/deleting the extension, all traffic to/from nytimes.com will be redirected to my proxy server. I will manipulate the traffic in a way that should not create any actual differences than if you are not using the proxy. However, while you are visiting a webpage from nytimes.com, since you are redirecting traffic through a proxy server you WILL experience slow downs, but I don't expect it to be too annoying.
Claim: While you are browsing webpages from nytimes.com, I will be automatically recording some of the traffic for model training purposes. I will NOT record any SSL traffic (actually SSL traffic is not redirected to my proxy server), and the recorded traffic will only be used for research purposes and will never be manually studied or released to the public. I WILL be able to see the pages on nytimes.com that all experimentees visited but I will not able to distinguish between diffrent users. I also pledge to use them only for research purposes.
*Important*: We ask you to not trying to do devastating actions such as refresh the page in a extremely high frequency. We currently have an unoptimized code base that does not support high workload consistently. We also do not track users actions individually. So we ask for your cooperation to keep the experiment up and running.
Note: If you NEVER visit any sites listed in the FoxyProxy setting, you essentially never participated in this experiment, even if you have followed every step here. *Browsing experience will not change if you do not visit the sites listed*
Note: If you noticed any bugs in using the proxy, such as a page failed to render correctly, please do not hesitate to contact me at yuchen at virginia dot edu.
Note: If you want to make sure everything is working, you may go to nytimes.com homepage. If the little fox button on the top starts to animate (rotate), it means the traffic is going through my proxy server. If the nytimes.com page renders correctly afterwards, you are golden. At times when my proxy server fails, you may always disable the extension temporarily and try to re-enable it later.
• Incentives
Nothing yet.
• Questions?
Email me: yuchen at virginia dot edu. Feel free to ask any questions you may have.
• People
- - Yuchen Zhou, third year PhD student in computer science/engineering at University of Virginia.
- - David Evans, associate professor in computer science department at Univeristy of Virginia.