Research on HTML5 application cache poison attack

Research on HTML5 application cache poison attack

HTML5 application cache (AppCache) allowed Web browser to access Web offline.But it also brought a new method of cache poisoning attack that was more persisting.As for websites which used the AppCache,a novel poisoning method RFTM (replace file twice method),in which the attacker replaced the manife...

Full description

Saved in:
Bibliographic Details
Main Authors: Yan JIA, He WANG, Shao-qing LYU, Yu-qing ZHANG
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2016-10-01
Series:Tongxin xuebao
Subjects:
Web security
HTML5
application cache
cache poisoning attack
signature scheme
Online Access:http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016206/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:HTML5 application cache (AppCache) allowed Web browser to access Web offline.But it also brought a new method of cache poisoning attack that was more persisting.As for websites which used the AppCache,a novel poisoning method RFTM (replace file twice method),in which the attacker replaced the manifest file twice to poison the client’s AppCache,was proposed.Compared with the original attack,the legal server would not receive abnormal HTTP requests from the client in the attack.Therefore,changing the server configuration could not prevent the client from the RFTM AppCache poisoning.To avoid the attack mentioned above,a lightweight signature defense scheme Sec-Cache in application layer was designed.Furthermore,experiments show that it has good performance and compatibility.
ISSN:1000-436X

Similar Items