Research on HTML5 application cache poison attack
HTML5 application cache (AppCache) allowed Web browser to access Web offline.But it also brought a new method of cache poisoning attack that was more persisting.As for websites which used the AppCache,a novel poisoning method RFTM (replace file twice method),in which the attacker replaced the manife...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2016-10-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016206/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539583608619008 |
|---|---|
| author | Yan JIA He WANG Shao-qing LYU Yu-qing ZHANG |
| author_facet | Yan JIA He WANG Shao-qing LYU Yu-qing ZHANG |
| author_sort | Yan JIA |
| collection | DOAJ |
| description | HTML5 application cache (AppCache) allowed Web browser to access Web offline.But it also brought a new method of cache poisoning attack that was more persisting.As for websites which used the AppCache,a novel poisoning method RFTM (replace file twice method),in which the attacker replaced the manifest file twice to poison the client’s AppCache,was proposed.Compared with the original attack,the legal server would not receive abnormal HTTP requests from the client in the attack.Therefore,changing the server configuration could not prevent the client from the RFTM AppCache poisoning.To avoid the attack mentioned above,a lightweight signature defense scheme Sec-Cache in application layer was designed.Furthermore,experiments show that it has good performance and compatibility. |
| format | Article |
| id | doaj-art-6a90811d969a4085bb6bb262940bb1cf |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2016-10-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-6a90811d969a4085bb6bb262940bb1cf2025-01-14T06:56:11ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2016-10-013714915759704177Research on HTML5 application cache poison attackYan JIAHe WANGShao-qing LYUYu-qing ZHANGHTML5 application cache (AppCache) allowed Web browser to access Web offline.But it also brought a new method of cache poisoning attack that was more persisting.As for websites which used the AppCache,a novel poisoning method RFTM (replace file twice method),in which the attacker replaced the manifest file twice to poison the client’s AppCache,was proposed.Compared with the original attack,the legal server would not receive abnormal HTTP requests from the client in the attack.Therefore,changing the server configuration could not prevent the client from the RFTM AppCache poisoning.To avoid the attack mentioned above,a lightweight signature defense scheme Sec-Cache in application layer was designed.Furthermore,experiments show that it has good performance and compatibility.http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016206/Web securityHTML5application cachecache poisoning attacksignature scheme |
| spellingShingle | Yan JIA He WANG Shao-qing LYU Yu-qing ZHANG Research on HTML5 application cache poison attack Tongxin xuebao Web security HTML5 application cache cache poisoning attack signature scheme |
| title | Research on HTML5 application cache poison attack |
| title_full | Research on HTML5 application cache poison attack |
| title_fullStr | Research on HTML5 application cache poison attack |
| title_full_unstemmed | Research on HTML5 application cache poison attack |
| title_short | Research on HTML5 application cache poison attack |
| title_sort | research on html5 application cache poison attack |
| topic | Web security HTML5 application cache cache poisoning attack signature scheme |
| url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2016206/ |
| work_keys_str_mv | AT yanjia researchonhtml5applicationcachepoisonattack AT hewang researchonhtml5applicationcachepoisonattack AT shaoqinglyu researchonhtml5applicationcachepoisonattack AT yuqingzhang researchonhtml5applicationcachepoisonattack |