Many browser cache attacks have been proposed in the literature to sniff the user’s browsing history. All of them rely on specific time measurements to infer if a resource is in the cache or not. Unlike the state-of-the-art, this paper reports on a novel cache-based attack that is not a timing attack but that abuses the HTTP cache-control and expires headers to extract the exact date and time when a resource was cached by the browser. The privacy implications are serious as this information can not only be utilized to detect if a website was visited by the user but it can also help build a timeline of the user’s visits. This goes beyond traditional history sniffing attacks as we can observe patterns of visit and model user’s behavior on the...
We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast ...
Abstract. In this work, we present a Flow Stealing attack, where a victim’s browser is redirected du...
Web-based timing attacks have been known for over a decade, and it has been shown that, under optima...
Part 2: Web SecurityInternational audienceCache Timing Attacks (CTAs) have been shown to leak Web br...
Abstract—The existing Web timing attack methods are heavily dependent on executing client-side scrip...
Website fingerprinting attacks use statistical analysis on network traffic to compromise user privac...
Abstract. Web browser history detection using CSS visited styles has long been dismissed as an issue...
Web browser history detection using CSS $visited$ styles has long been dismissed as an issue of marg...
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user...
Web browsers rely on caching for improving perfor-mance and for reducing bandwidth use. Cache poison...
Web applications have become the foundation of many types of systems, ranging from cloud services to...
Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and all...
Like conventional cookies, cache cookies are data ob-jects that servers store in Web browsers. Cache...
Privacy seems to be the Achilles' heel of today's web. Most web services make continuous efforts to ...
Abstract—History sniffing attacks allow web sites to learn about users ’ visits to other sites. The ...
We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast ...
Abstract. In this work, we present a Flow Stealing attack, where a victim’s browser is redirected du...
Web-based timing attacks have been known for over a decade, and it has been shown that, under optima...
Part 2: Web SecurityInternational audienceCache Timing Attacks (CTAs) have been shown to leak Web br...
Abstract—The existing Web timing attack methods are heavily dependent on executing client-side scrip...
Website fingerprinting attacks use statistical analysis on network traffic to compromise user privac...
Abstract. Web browser history detection using CSS visited styles has long been dismissed as an issue...
Web browser history detection using CSS $visited$ styles has long been dismissed as an issue of marg...
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user...
Web browsers rely on caching for improving perfor-mance and for reducing bandwidth use. Cache poison...
Web applications have become the foundation of many types of systems, ranging from cloud services to...
Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and all...
Like conventional cookies, cache cookies are data ob-jects that servers store in Web browsers. Cache...
Privacy seems to be the Achilles' heel of today's web. Most web services make continuous efforts to ...
Abstract—History sniffing attacks allow web sites to learn about users ’ visits to other sites. The ...
We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast ...
Abstract. In this work, we present a Flow Stealing attack, where a victim’s browser is redirected du...
Web-based timing attacks have been known for over a decade, and it has been shown that, under optima...