Poster: Security Analysis of HSTS Implementation in Browsers

Authors

  • Yan Jia
  • Yuqing Zhang
Abstract

Currently, HTTP Strict Transport Security, used to harden HTTPS, has gained increasing adoption in browsers and servers. We conduct an in-depth empirical security study of HSTS implementation in browsers, then successfully discover several new flaws in storage implementation and interaction with certificates. These flaws enable cookie theft, DoS, and bypassing problems. Moreover, we point out some other concerns including origin risk, entries missing, preload, and complex interaction.

Keywords: HTTPS; HSTS; security; browser.


Similar sources

Cookies Lack Integrity: Real-World Implications

A cookie can contain a “secure” flag, indicating that it should be only sent over an HTTPS connection. Yet there is no corresponding flag to indicate how a cookie was set: attackers who act as a man-in-the-middle even temporarily on an HTTP session can inject cookies which will be attached to subsequent HTTPS connections. Similar attacks can also be launched by a web attacker from a related do...


An Analysis of Private Browsing Modes in Modern Browsers

We study the security and privacy of private browsing modes recently added to all major browsers. We first propose a clean definition of the goals of private browsing and survey its implementation in different browsers. We conduct a measurement study to determine how often it is used and on what categories of sites. Our results suggest that private browsing is used differently from how it is ma...


VulnerableMe: Measuring Systemic Weaknesses in Mobile Browser Security

Porting browsers to mobile platforms may lead to new vulnerabilities whose solutions require careful balancing between usability and security and might not always be equivalent to those in desktop browsers. In this paper, we perform the first large-scale security comparison between mobile and desktop browsers. We focus our efforts on display security given the inherent screen limitations of mob...


An Improved Features of Health Screening Test System for Malaysian Social Security Organisation (SOCSO) Programme

The purpose of this paper is to improve the features of the Health Screening Test System (HSTS) on the Social Security Organization (SOCSO) program as a physical evaluation for workers with musculoskeletal disorders (MSDs). SOCSO's existing functional testing system is not suitable because the evaluation was recorded manually and the peg board is too high for Asian people. The occupational therapists who are involved in all...


A Security Analysis of Emerging Web Standards - Extended Version HTML5 and Friends, from Specification to Implementation

Over the past few years, a significant effort went into the development of a new generation of web standards, centered around the HTML5 specification. Given the importance of the web in our society, it is essential that these new standards are scrutinized for potential security problems. This paper reports on a systematic analysis of ten important, recent specifications with respect to two gene...




Publication date: 2017