Service workers boost the user experience of modern web applications by taking advantage of the Cache API to improve responsiveness and support offline usage. In this paper, we present the first security analysis of the threats posed by this programming practice, identifying an attack with major security implications. In particular, we show how a traditional XSS attack can abuse the Cache API to escalate into a person-in-the-middle attack against cached content, thus compromising its confidentiality and integrity. Remarkably, this attack enables new threats which are beyond the scope of traditional XSS. After defining the attack, we study its prevalence in the wild, finding that the large majority of the sites which register service workers ...
Cache attacks have increasingly gained momentum in the security community. In such attacks, attacker...
Distributed caching is increasingly used to shorten the response time of Web servers and balance the...
The Web has become highly interactive and an important driver for modern life, enabling information...
Service workers boost the user experience of modern web applications by taking advantage of the Cach...
Web browsers rely on caching for improving performance and for reducing bandwidth use. Cache poison...
We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast ...
Website fingerprinting attacks use statistical analysis on network traffic to compromise user privac...
Part 2: Web Security. International audience. Cache Timing Attacks (CTAs) have been shown to leak Web br...
Website fingerprinting attacks, which use statistical analysis on network traffic to compromise user...
Analysing security assumptions taken for the WebRTC and postMessage APIs led us to find a novel atta...
Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and all...
Like conventional cookies, cache cookies are data objects that servers store in Web browsers. Cache...
Abstract — As social websites get more and more users across internet, Cross Site Scripting is becom...
We show how malicious web content can extract cryptographic secret keys from the user's computer....
With the ever-expanding internet, finding new ways to increase the user experience is vital in orde...