论文信息 - Security assurance of local data stored by HTML5 web application

Security assurance of local data stored by HTML5 web application

Local data storage is one of the features that came with the HTML5 standard. Its purpose is to ensure the storage of web application's data in the device of the user rather than in the server side. With HTM5, the storage is no more achieved by proprietary solution as it is ensured by standardized APIs. However, with this new functionality that improves the user's quality of experience, it is crucial to reassure the end user about his data protection when they are stored locally and when they are externalized. In this work, our contribution deals with the assurance and security of data stored by HTML5 APIs. These measures are integrated into the browser to be performed automatically. In fact, data will be stored safely in a secure local space devoted to each user. As a proof of concept, we implemented our approach on the chromium browser, and we studied its performances.

Ahmed Serhrouchni | Mayssa Jemel

[1] Karthikeyan Bhargavan,et al. Web-based Attacks on Host-Proof Encrypted Storage , 2012, WOOT.

[2] Matt Bishop. A Proactive Password Checker , 1990 .

[3] Chris Jay Hoofnagle,et al. Flash Cookies and Privacy , 2009, AAAI Spring Symposium: Intelligent Information Privacy Management.

[4] Stefan Kimak. An investigation into possible attacks on HTML5 IndexedDB and their prevention , 2012 .

[5] Heng Yin,et al. Code Injection Attacks on HTML5-based Mobile Apps: Characterization, Detection and Mitigation , 2014, CCS.

[6] Qi Zhao,et al. Towards a data access framework for service-oriented rich clients , 2010, SOCA.

[7] Simon Josefsson. PKCS #5: Password-Based Key Derivation Function 2 (PBKDF2) Test Vectors , 2011, RFC.

[8] Jeffrey D. Walker,et al. A client-side web application for interactive environmental simulation modeling , 2014, Environ. Model. Softw..

[9] Jeremy Ellman,et al. Performance Testing and Comparison of Client Side Databases Versus Server Side , 2013 .

[10] Rui Zhao,et al. All your browser-saved passwords could belong to us: a security analysis and a cloud-based new design , 2013, CODASPY '13.

[11] Edgar R. Weippl,et al. Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space , 2011, USENIX Security Symposium.