Talks and Poster Presentations (without Proceedings-Entry):
D. Somé, M. Squarcina, S. Calzavara, M. Maffei:
"The Remote on the Local: Exacerbating Web Attacks Via Service Workers Caches in Progressive Web Applications";
Talk: EuroS&P 2020 SecWeb Workshop,
Genova, IT;
2020-09-11.
English abstract:
Progressive Web Applications (PWAs) are the new trend in web development, promising several features and similar advantages as native applications. They heavily rely on modern web APIs to offer an engaging user experience. Service Workers are one of the core technologies employed by PWAs. They work as a proxy server for websites, allowing requests and responses to be modified, cached and served to the browser even when the user is offline. In this work we showcase a number of flaws in the Cache API that allow an attacker to void the security policies put in place by web developers, posing serious security and privacy threats. Given that these attacks are enabled by the presence of Service Workers, we demonstrate the impact of our findings by performing a large-scale analysis on the top 110K websites. Finally, we propose a redesign of the Cache API that prevents all the attacks discussed in the paper.
Keywords:
web, security, novel attack, large-scale study
Created from the Publication Database of the Vienna University of Technology.