Web traffic is exposed to potential eavesdroppers, and despite the use of encryption mechanisms, it has been shown to be vulnerable to side-channel attacks that reveal information about its contents. Although various countermeasures against such attacks have been proposed, the lack of mathematical foundations for reasoning about information leaks in web traffic has prevented the development of provably secure countermeasures. In this thesis, we develop a novel framework for reasoning about information leakage in web traffic. We propose flexible models of web applications, web browsing and web traffic, and develop two security models based on different notions of security: (1) an attacker’s knowledge about the possible secret values contained in ...
We show that the time web sites take to respond to HTTP requests can leak private information, using...
To protect sensitive user data against server-side attacks, a number of securi...
As the web keeps on expanding, so does the interest of attackers who seek to exploit users and servic...
Abstract. Recent research has shown that many popular web applications are vulnerable to side-channe...
It is not a secret that communications between client sides and server sides in web application...
Abstract. I present a traffic analysis based vulnerability in SafeWeb, an encrypting web proxy. This...
A web browser works with data and scripts from different sources, and these sources are not all trus...
As attacks on web applications get more sophisticated, browser manufacturers, application developer...
We analyze attacks that take advantage of the data length information leaked by HTTP transactions ov...
The Web is evolving into a melting pot of content coming from multiple stakeholders. In this mutuall...
Web applications are subject to several types of attacks. In particular, si...
Network intermediaries relay traffic between web servers and clients, and are often deployed on the ...
We present a novel web page fingerprinting attack that is able to defeat several recently proposed d...
The scientific community has been consistently working on the pervasive problem of information leaka...
This dissertation tackles crucial issues of web browser security. Web browsers are now a central pa...