Belloro, S. and Mylonas, A., 2018. Security considerations around the usage of client-side storage APIs. Technical Report. Poole, England: Bournemouth University.
Full text available as: PDF, BUCSR-2018-01 Client side security considerations.pdf - Published Version. Available under License Creative Commons Attribution Non-commercial No Derivatives. 2MB
Copyright to original material in this document is with the original owner(s). Access to this content through BURO is granted on condition that you use it only for research, scholarly or other non-commercial purposes. If you wish to use it for any other purposes, you must contact BU via BURO@bournemouth.ac.uk. Any third party copyright material in this document remains the property of its respective owner(s). BU grants no licence for further use of that third party material.
Abstract
Web Storage, Indexed Database API and Web SQL Database are primitives that allow web browsers to store information in the client in a much more advanced way compared to other techniques such as HTTP Cookies. They were originally introduced with the goal of enhancing the capabilities of websites; however, they are often exploited as a way of tracking users across multiple sessions and websites. This work is divided into two parts. First, it quantifies the usage of these three primitives in the context of user tracking. This is done by performing a large-scale analysis on the usage of these techniques in the wild. The results highlight that code snippets belonging to those primitives can be found in tracking scripts at a surprisingly high rate, suggesting that user tracking is a major use case of these technologies. The second part reviews the effectiveness of the removal of client-side storage data in modern browsers. A web application, built specifically for this study, is used to highlight that it is often extremely hard, if not impossible, for users to remove personal data stored using the three primitives considered. This finding has significant implications, because those techniques are often used as a vector for cookie resurrection.
Item Type: | Monograph (Technical Report) |
---|---|
Group: | Faculty of Science & Technology |
ID Code: | 30202 |
Deposited By: | Symplectic RT2 |
Deposited On: | 15 Jan 2018 14:43 |
Last Modified: | 14 Mar 2022 14:09 |