Browser cross-origin timing attacks
نویسنده
چکیده
منابع مشابه
A Formal Model of Web Security Showing Malicious Cross Origin Requests and Its Mitigation using CORP
This document describes a web security model to analyse cross origin requests and block them using CORP, a browser security policy proposed for mitigating Cross Origin Request Attacks (CORA) such as CSRF, Clickjacking, Web application timing, etc. CORP is configured by website administrators and sent as an HTTP response header to the browser. A browser which is CORP-enabled will interpret the p...
متن کاملModelling and Mitigation of Cross-Origin Request Attacks on Federated Identity Management Using Cross Origin Request Policy
Cross origin request attacks (CORA) such as Cross site request forgery (CSRF), cross site timing, etc. continue to pose a threat on the modern day web. Current browser security policies inadequately mitigate these attacks. Additionally, third party authentication services are now the preferred way to carry out identity management between multiple enterprises and web applications. This scenario,...
متن کاملToward Exposing Timing-Based Probing Attacks in Web Applications †
Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users' browsing information on one webs...
متن کاملIdentifying Cross-origin Resource Status Using Application Cache
HTML5 Application Cache (AppCache) allows web applications to cache their sameand cross-origin resources in the local storage of a web browser to enable offline access. However, cross-origin resource caching in AppCache has potential security and privacy problems. In this paper, we consider a novel web privacy attack that exploits cross-origin AppCache. Our attack allows a remote web attacker t...
متن کاملPatching Browsers and DNS Clients to Foil Timing Attacks
Timing attacks exploit a loophole that allows any website to deduce confidential information f rom a web user visiting the website by peeping into the user’s Internet cache or DNS resolver cache. Any unscrupulous attacker can also insert ‘cache cookies’ into the user’s Internet cache. The solutions, which have been proposed so far, are disabling the caches, the java script, java and domain tagg...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016