|
This article is cited in 2 scientific papers (total in 2 papers)
Mathematical Foundations of Computer Security
Covert timing channels over HTTP cache-control headers
D. N. Kolegov, O. V. Broslavsky, N. E. Oleksov National Research Tomsk State University, Tomsk, Russia
Abstract:
We introduce and discuss a new family of timing covert channels based on HTTP cache headers. We propose a general scheme of the timing covert channels in terms of access control models and data flow diagrams and suggest two base threat models for them. We then consider peculiarities of program implementation of the timing covert channels and their bandwidth depending on a HTTP cache header, a threat model, a programming language (C, JavaScript, Python, Ruby), and an environment. Finally we provide the basic characteristics of the implemented covert channels in web browsers and BeEF.
Keywords:
computer security, HTTP, cache-control headers, covert channels, web application security, web browsers security, botnets.
Citation:
D. N. Kolegov, O. V. Broslavsky, N. E. Oleksov, “Covert timing channels over HTTP cache-control headers”, Prikl. Diskr. Mat., 2015, no. 2(28), 71–85
Linking options:
https://www.mathnet.ru/eng/pdm506 https://www.mathnet.ru/eng/pdm/y2015/i2/p71
|
Statistics & downloads: |
Abstract page: | 535 | Full-text PDF : | 99 | References: | 43 |
|