Conference paper

Appeared in: Secure IT Systems

Editor list: Askarov, Aslan; Hansen, René Rydhof; Rafnsson, Willard

Publication year: 2019

Pages: 20-36

ISBN: 978-3-030-35054-3

eISBN: 978-3-030-35055-0

DOI Link: https://doi.org/10.1007/978-3-030-35055-0_2

Conference: 24th Nordic Conference on Secure IT Systems (NordSec 2019)

Title of series: Lecture Notes in Computer Science

Number in series: 11875

Abstract: 

Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and allow Web pages to load faster. Content such as scripts, images, and style sheets, which are static most of the time or shared across multiple websites, are stored and loaded locally when recurring requests ask for cached resources. This behaviour can be exploited if the cache is based on a naive implementation. This paper summarises possible attacks on the browser cache and shows through extensive experiments that even modern web browsers still do not provide enough safeguards to protect their users. Moreover, the available built-in as well as addable cache controls offer rather limited functionality in terms of protection and ease of use. Due to the volatile and inhomogeneous APIs for controlling the cache in modern browsers, the development of enhanced user-centric cache controls remains—until further notice—in the hands of browser manufacturers.

Harvard Citation style: Dehling, F., Mengel, T. and Lo Iacono, L. (2019) Rotten Cellar: Security and Privacy of the Browser Cache Revisited, in Askarov, A., Hansen, R. and Rafnsson, W. (eds.) Secure IT Systems. Cham: Springer. pp. 20-36. https://doi.org/10.1007/978-3-030-35055-0_2

APA Citation style: Dehling, F., Mengel, T., & Lo Iacono, L. (2019). Rotten Cellar: Security and Privacy of the Browser Cache Revisited. In Askarov, A., Hansen, R., & Rafnsson, W. (Eds.), Secure IT Systems. (pp. 20-36). Springer. https://doi.org/10.1007/978-3-030-35055-0_2