Loading...
Please wait, while we are loading the content...
Similar Documents
Quantifying Side-Channel Information Leakage from Web Applications
| Content Provider | CiteSeerX |
|---|---|
| Author | Mather, Luke Oswald, Elisabeth |
| Abstract | Abstract. Recent research has shown that many popular web applications are vulnerable to side-channel attacks on encrypted streams of network data produced by the interaction of a user with an application. As a result, private user data is susceptible to being recovered by a side-channel adversary. A recent focus has been on the development of tools for the detection and quantification of side-channel information leaks from such web applications. In this work we describe a model for these web applications, analyse the effectiveness of previous approaches for the quantification of information leaks, and describe a robust, effective and generically applicable metric based on a statistical estimation of the mutual information between the user inputs made in the application and subsequent observable side-channel information. We use our proposed metric to construct a test capable of analysing sampled traces of packets to detect information leaks, and demonstrate the application of our test on a real-world web application. 1 |
| File Format | |
| Access Restriction | Open |
| Subject Keyword | Web Application Side-channel Information Leakage Information Leak Test Capable Subsequent Observable Side-channel Information Mutual Information Recent Focus Recent Research Statistical Estimation Previous Approach Side-channel Attack Private User Data Encrypted Stream Real-world Web Application Many Popular Web Application Sampled Trace Network Data Side-channel Information Leak Side-channel Adversary User Input |
| Content Type | Text |
| Resource Type | Article |
