Title: Building Empirically-driven Solutions for Enhancing Security and Privacy of Popular Internet Services

 

Date: Monday, April 21, 2025

Time: 9:00 AM – 11:00 AM EST

Location: Coda C1015 Vinings

Virtual: https://gatech.zoom.us/j/92434409278

 

Qinge Xie

CS Ph.D. Student

School of Cybersecurity and Privacy

College of Computing

Georgia Institute of Technology

 

Committee:

Dr. Frank Li (advisor), School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Paul Pearce, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Saman Zonouz, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Mustaque Ahamad, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Haixin Duan, Institute for Network Sciences and Cyberspace, Tsinghua University

 

Abstract:

The Internet has become an integral part of everyday life, enabling communication, commerce, and access to information. However, as Internet users increasingly depend on online services, they are also exposed to growing risks associated with security breaches, abuse of personal information, and violations of privacy. Many popular Internet services, despite their importance, remain vulnerable to abuse and lack thorough auditing, thus posing undesirable security and privacy risks. These risks affect users by exposing their personal information and online activities, while also making it difficult for researchers to analyze or build on these services in security, privacy, and measurement research.

This dissertation focuses on studying three popular Internet services: Internet domain top lists, browser extensions, and web privacy policies. My work uses real-world measurements to empirically inform the design of practical and effective solutions for enhancing the security and privacy of these services. First, I identify several undesirable properties in widely used domain top lists and build a secure and reliable alternative from scratch. Second, I explore the privacy risks of the browser extension ecosystem by designing a dynamic taint-tracking system for Chrome extensions, enabling fine-grained analysis of how user data flows from web pages and is potentially exfiltrated. Finally, I address the growing need to evaluate web privacy policies under modern privacy regulations by developing an LLM-based framework, which demonstrates improved accuracy, coverage, and adaptability compared to prior approaches.

Ultimately, this dissertation responds to the limitations of current practices in popular Internet services and contributes to the advancement of a secure and privacy-respecting Internet, which is essential for safeguarding trust and protecting the digital future.