Konferenzpaper

Erschienen in: Secure IT Systems

Herausgeberliste: Askarov, Aslan; Hansen, René Rydhof; Rafnsson, Willard

Jahr der Veröffentlichung: 2019

Seiten: 20-36

ISBN: 978-3-030-35054-3

eISBN: 978-3-030-35055-0

DOI Link: https://doi.org/10.1007/978-3-030-35055-0_2

Konferenz: 24th Nordic Conference on Secure IT Systems (NordSec 2019)

Serientitel: Lecture Notes in Computer Science

Serienzählung: 11875

Abstract: 

Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and allow Web pages to load faster. Content such as scripts, images, and style sheets, which are static most of the time or shared across multiple websites, are stored and loaded locally when recurring requests ask for cached resources. This behaviour can be exploited if the cache is based on a naive implementation. This paper summarises possible attacks on the browser cache and shows through extensive experiments that even modern web browsers still do not provide enough safeguards to protect their users. Moreover, the available built-in as well as addable cache controls offer rather limited functionality in terms of protection and ease of use. Due to the volatile and inhomogeneous APIs for controlling the cache in modern browsers, the development of enhanced user-centric cache controls remains—until further notice—in the hands of browser manufacturers.

Harvard-Zitierstil: Dehling, F., Mengel, T. and Lo Iacono, L. (2019) Rotten Cellar: Security and Privacy of the Browser Cache Revisited, in Askarov, A., Hansen, R. and Rafnsson, W. (eds.) Secure IT Systems. Cham: Springer. pp. 20-36. https://doi.org/10.1007/978-3-030-35055-0_2

APA-Zitierstil: Dehling, F., Mengel, T., & Lo Iacono, L. (2019). Rotten Cellar: Security and Privacy of the Browser Cache Revisited. In Askarov, A., Hansen, R., & Rafnsson, W. (Eds.), Secure IT Systems. (pp. 20-36). Springer. https://doi.org/10.1007/978-3-030-35055-0_2