Quantifying Side-Channel Information Leakage From Web Applications
Recent research has shown that many popular web applications are vulnerable to side-channel attacks on encrypted streams of network data produced by the interaction of a user with an application. As a result, private user data is susceptible to being recovered by a side-channel adversary. A recent focus has been on the development of tools for the detection and quantification of side-channel information leaks from such web applications. In this paper, the authors describe a model for these web applications, analyze the effectiveness of previous approaches for the quantification of information leaks, and describe a robust, effective and generically applicable metric based on a statistical estimation of the mutual information between the user inputs made in the application and subsequent observable side-channel information.