Analysing security assumptions taken for the WebRTC and postMessage APIs led us to find a novel attack abusing the browsers' persistent storage capabilities. The presented attack can be executed without the website's visitor knowledge, and it requires neither browser vulnerabilities nor additional software on the browser's side. To exemplify this, we study how can an attacker use browsers to create a network for persistent storage and distribution of arbitrary data. In our proof of concept, the total storage of the network, and therefore the space used within each browser, grows linearly with the number of origins delivering the malicious JavaScript code. Further, data transfers between browsers are not restricted by the Same Origin Po...
Page deduplication is a mechanism to reduce the memory footprint of a system. Identical physical pag...
Most of the recent work on Web security focuses on preventing attacks that directly harm the browser...
With the introduction of HTML5, the latest browser language, a new data storage technique, called lo...
Web browsers rely on caching for improving perfor-mance and for reducing bandwidth use. Cache poison...
We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast ...
The Web has become highly interactive and an important driver for modern life, enabling information...
Along with the introduction of HTML5 a new data storage technique, Web Storage, has been added to br...
Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and all...
Numerous initiatives are encouraging website owners to enable and enforce TLS encryption for the com...
A fundamental assumption in software security is that a memory location can only be modified by proc...
As the adoption of the Internet grows worldwide, the volumes of valuable data being transmitted and ...
We show how malicious web content can extract cryptographic secret keys from the user\u27s computer....
Website fingerprinting attacks use statistical analysis on network traffic to compromise user privac...
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user...
Increasingly sophisticated Rowhammer exploits allow an attacker that can execute code on a vulnerabl...
Page deduplication is a mechanism to reduce the memory footprint of a system. Identical physical pag...
Most of the recent work on Web security focuses on preventing attacks that directly harm the browser...
With the introduction of HTML5, the latest browser language, a new data storage technique, called lo...
Web browsers rely on caching for improving perfor-mance and for reducing bandwidth use. Cache poison...
We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast ...
The Web has become highly interactive and an important driver for modern life, enabling information...
Along with the introduction of HTML5 a new data storage technique, Web Storage, has been added to br...
Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and all...
Numerous initiatives are encouraging website owners to enable and enforce TLS encryption for the com...
A fundamental assumption in software security is that a memory location can only be modified by proc...
As the adoption of the Internet grows worldwide, the volumes of valuable data being transmitted and ...
We show how malicious web content can extract cryptographic secret keys from the user\u27s computer....
Website fingerprinting attacks use statistical analysis on network traffic to compromise user privac...
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user...
Increasingly sophisticated Rowhammer exploits allow an attacker that can execute code on a vulnerabl...
Page deduplication is a mechanism to reduce the memory footprint of a system. Identical physical pag...
Most of the recent work on Web security focuses on preventing attacks that directly harm the browser...
With the introduction of HTML5, the latest browser language, a new data storage technique, called lo...