An Investigation into Possible Attacks on HTML5 IndexedDB and their Prevention

Kimak, Stefan, Ellman, Jeremy and Laing, Christopher (2012) An Investigation into Possible Attacks on HTML5 IndexedDB and their Prevention. In: 6th Conference on Software, Knowledge, Information Management and Applications (SKIMA 2012), 9-11 September 2012, Chengdu University.

[img] PDF
Kimak_Ellman_Laing_SKIMA2012.pdf - Published Version
Restricted to Repository staff only

Download (299kB) | Request a copy

Abstract

over the past 20 years web browsers have changed considerably from being a simple text display to now supporting complex multimedia applications [1]. The client can now enjoy chatting, playing games and Internet banking. All these applications have something in common, they can be run on multiple platforms and in some cases they will run offline. With the introduction of HTML5 this evolution will increase, with browsers offering greater levels of functionality. However, with the introduction of HTML5, new persistent database security vulnerabilities could impact on this functionality. IndexedDB functionality involves storing application data on the client PC. As client data including sensitive information is now stored locally, consequently vulnerabilities within HTML5’s IndexedDB scheme could have devastating consequences. This paper will investigate potential vulnerabilities, and propose security framework for HTML5’s IndexedDB files that could be included as part of an inherited web browser security.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: web security; HTML5; IndexedDB
Subjects: G400 Computer Science
Department: Faculties > Engineering and Environment > Mathematics, Physics and Electrical Engineering
Depositing User: Jeremy Ellman
Date Deposited: 21 Oct 2013 07:54
Last Modified: 10 May 2017 18:27
URI: http://nrl.northumbria.ac.uk/id/eprint/14089

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics


Policies: NRL Policies | NRL University Deposit Policy | NRL Deposit Licence