HTTPOS: Sealing Information Leaks With Browser-Side Obfuscation of Encrypted Flows

Leakage of private information from web applications - even when the traffic is encrypted - is a major security threat to many applications that use HTTP for data delivery. This paper considers the problem of inferring from encrypted HTTP traffic the web sites or web pages visited by a user. Existing browser-side approaches to this problem cannot defend against more advanced attacks, and server-side approaches usually require modifications to web entities, such as browsers, servers, or web objects. In this paper, the authors propose a novel browser-side system, namely HTTPOS, to prevent information leaks and offer much better scalability and flexibility.