Sciweavers

SP
2010
IEEE

Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow

14 years 3 months ago
Side-Channel Leaks in Web Applications: A Reality Today, a Challenge Tomorrow
– With software-as-a-service becoming mainstream, more and more applications are delivered to the client through the Web. Unlike a desktop application, a web application is split into browser-side and server-side components. A subset of the application’s internal information flows are inevitably exposed on the network. We show that despite encryption, such a side-channel information leak is a realistic and serious threat to user privacy. Specifically, we found that surprisingly detailed sensitive information is being leaked out from a number of high-profile, top-of-the-line web applications in healthcare, taxation, investment and web search: an eavesdropper can infer the illnesses/medications/surgeries of the user, her family income and investment secrets, despite HTTPS protection; a stranger on the street can glean enterprise employees' web search queries, despite WPA/WPA2 Wi-Fi encryption. More importantly, the root causes of the problem are some fundamental characteristics ...
Shuo Chen, Rui Wang, XiaoFeng Wang, Kehuan Zhang
Added 16 Aug 2010
Updated 16 Aug 2010
Type Conference
Year 2010
Where SP
Authors Shuo Chen, Rui Wang, XiaoFeng Wang, Kehuan Zhang
Comments (0)