Date Added: Dec 2010
Leakage of private information from web applications - even when the traffic is encrypted - is a major security threat to many applications that use HTTP for data delivery. This paper considers the problem of inferring from encrypted HTTP traffic the web sites or web pages visited by a user. Existing browser-side approaches to this problem cannot defend against more advanced attacks, and server-side approaches usually require modifications to web entities, such as browsers, servers, or web objects. In this paper, the authors propose a novel browser-side system, namely HTTPOS, to prevent information leaks and offer much better scalability and flexibility.