dc.contributor.author | Ikram, M | |
dc.contributor.author | Masood, R | |
dc.contributor.author | Tyson, G | |
dc.contributor.author | Kafaar, M | |
dc.contributor.author | Loizon, N | |
dc.contributor.author | Ensafi, R | |
dc.date.accessioned | 2020-05-13T15:17:07Z | |
dc.date.available | 2020-02-06 | |
dc.date.available | 2020-05-13T15:17:07Z | |
dc.date.issued | 2020 | |
dc.identifier.citation | Ikram, Muhammad et al. "Measuring And Analysing The Chain Of Implicit Trust". ACM Transactions On Privacy And Security, vol 23, no. 2, 2020, pp. 1-27. Association For Computing Machinery (ACM), doi:10.1145/3380466. Accessed 13 May 2020. | en_US |
dc.identifier.uri | https://qmro.qmul.ac.uk/xmlui/handle/123456789/64073 | |
dc.description.abstract | The web is a tangled mass of interconnected services, whereby websites import a range of external resources from various third-party domains. The latter can also load further resources hosted on other domains. For each website, this creates a dependency chain underpinned by a form of implicit trust between the first-party and transitively connected third parties. The chain can only be loosely controlled as first-party websites often have little, if any, visibility on where these resources are loaded from. This article performs a large-scale study of dependency chains in the web to find that around 50% of first-party websites render content that they do not directly load. Although the majority (84.91%) of websites have short dependency chains (below three levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third parties are classified as suspicious—although seemingly small, this limited set of suspicious third parties has remarkable reach into the wider ecosystem. We find that 73% of websites under study load resources from suspicious third parties, and 24.8% of first-party webpages contain at least three third parties classified as suspicious in their dependency chain. By running sandboxed experiments, we observe a range of activities with the majority of suspicious JavaScript codes downloading malware. | en_US |
dc.publisher | ACM | en_US |
dc.relation.ispartof | ACM Transactions on Privacy and Security | |
dc.rights | This is a pre-copyedited, author-produced version of an article accepted for publication in ACM Transactions on Privacy and Security following peer review. The version of record is available at https://dl.acm.org/doi/10.1145/3380466 | |
dc.title | Measuring and Analysing the Chain of Implicit Trust: A Study of Third-party Resources Loading | en_US |
dc.type | Article | en_US |
dc.rights.holder | © 2020 ACM, Inc. | |
pubs.notes | Not known | en_US |
pubs.publication-status | Accepted | en_US |
dcterms.dateAccepted | 2020-02-06 | |
rioxxterms.funder | Default funder | en_US |
rioxxterms.identifier.project | Default project | en_US |