CSP & Co. Can Save Us from a Rogue Cross-Origin Storage Browser Network! But for How Long?
Author: | Joachim Posegga, Juan D. Parra Rodriguez |
---|---|
Year of publication: | 2018 |
Subject: | Point (typography); Computer science; business.industry; Visitor pattern; 02 engineering and technology; Content Security Policy; Computer security; computer.software_genre; Internet security; WebRTC; Browser security; Parasitic computing; 020204 information systems; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; ddc:004; business; computer |
Source: | Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy - CODASPY '18 |
DOI: | 10.1145/3176258.3176951 |
Description: | We introduce a new browser abuse scenario where an attacker uses local storage capabilities without the website visitor's knowledge to create a network of browsers for persistent storage and distribution of arbitrary data. We describe how security-aware users can use mechanisms such as the Content Security Policy (CSP), sandboxing, and third-party tracking protection, i.e., CSP & Company, to limit the network's effectiveness. From another point of view, we also show that the upcoming Suborigin standard can inadvertently thwart existing countermeasures, if it is adopted. |
Database: | OpenAIRE |