Abstract | ||
---|---|---|
The Web is a tangled mass of interconnected services, where websites import a range of external resources from various third-party domains. The latter can also load resources hosted on other domains. For each website, this creates a dependency chain underpinned by a form of implicit trust between the first-party and transitively connected third-parties. The chain can only be loosely controlled as first-party websites often have little, if any, visibility on where these resources are loaded from. This paper performs a large-scale study of dependency chains in the Web, to find that around 50% of first-party websites render content that they did not directly load. Although the majority (84.91%) of websites have short dependency chains (below 3 levels), we find websites with dependency chains exceeding 30. Using VirusTotal, we show that 1.2% of these third-parties are classified as suspicious - although seemingly small, this limited set of suspicious third-parties have remarkable reach into the wider ecosystem.
|
Year | DOI | Venue |
---|---|---|
2019 | 10.1145/3308558.3313521 | WWW '19: The Web Conference on The World Wide Web Conference WWW 2019 |
DocType | Volume | ISBN |
Journal | abs/1901.07699 | 978-1-4503-6674-8 |
Citations | PageRank | References |
5 | 0.45 | 19 |
Authors | ||
6 |
Name | Order | Citations | PageRank |
---|---|---|---|
Ikram Muhammad | 1 | 18 | 7.16 |
Rahat Masood | 2 | 40 | 7.94 |
Gareth Tyson | 3 | 443 | 46.65 |
Mohamed Ali Kâafar | 4 | 984 | 75.45 |
Noha Loizon | 5 | 5 | 0.45 |
Roya Ensafi | 6 | 11 | 3.25 |