Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications

Executive Summary

Web applications divide their state between the client and the server. The frequent and highly dynamic client-server communication that is characteristic of modern web applications leaves them vulnerable to side-channel leaks, even over encrypted connections. The authors describe a black-box tool for detecting and quantifying the severity of side-channel vulnerabilities by analyzing network traffic over repeated crawls of a web application. By viewing the adversary as a multi-dimensional classifier, they develop a methodology to more thoroughly measure the distinguishability of network traffic for a variety of classification metrics.

  • Format: PDF
  • Size: 478.12 KB