Rotten Cellar: Security and Privacy of the Browser Cache Revisited

Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and allow Web pages to load faster. Content such as scripts, images, and style sheets, which are static most of the time or shared across multiple websites, are stored and loaded locally when recurring requests ask for cached resources. This behaviour can be exploited if the cache is based on a naive implementation. This paper summarises possible attacks on the browser cache and shows through extensive experiments that even modern web browsers still do not provide enough safeguards to protect their users. Moreover, the available built-in as well as addable cache controls offer rather limited functionality in terms of protection and ease of use. Due to the volatile and inhomogeneous APIs for controlling the cache in modern browsers, the development of enhanced user-centric cache controls remains -until further notice- in the hands of browser manufacturers.

Metadaten
Author:	Florian Dehling, Tobias Mengel, Luigi Lo Iacono
URN:	urn:nbn:de:hbz:832-epub4-14249
Descirption of the primary publication:	24th Nordic Conference on Secure IT Systems (NordSec 2019), Aalborg, Denmark, November 18–20, 2019, Proceedings, Lecture Notes in Computer Science, vol. 11875
Document Type:	Conference Proceeding
Language:	English
Date of first Publication:	2019/11/18
Date of Publication (online):	2019/10/30
GND-Keyword:	Browser; Privatheit; Security+-Zertifikat
Tag:	Browser Cache; Privacy; Security
Page Number:	16
Institutes:	Informations-, Medien- und Elektrotechnik (F07) / Fakultät 07 / Institut für Medien- und Phototechnik
CCS-Classification:	C. Computer Systems Organization / C.2 COMPUTER-COMMUNICATION NETWORKS / C.2.0 General / Security and protection (e.g., firewalls) (REVISED)
Dewey Decimal Classification:	000 Allgemeines, Informatik, Informationswissenschaft
Open Access:	Open Access
Licence (German):	Es gilt das UrhG

Open Access