An Investigation into Possible Attacks on HTML5 IndexedDB and their Prevention

Kimak, Stefan, Ellman, Jeremy and Laing, Christopher (2012) An Investigation into Possible Attacks on HTML5 IndexedDB and their Prevention. In: 6th Conference on Software, Knowledge, Information Management and Applications (SKIMA 2012), 9-11 September 2012, Chengdu University.

PDF Kimak_Ellman_Laing_SKIMA2012.pdf - Published Version Restricted to Repository staff only Download (299kB) | Request a copy

Abstract

over the past 20 years web browsers have changed considerably from being a simple text display to now supporting complex multimedia applications [1]. The client can now enjoy chatting, playing games and Internet banking. All these applications have something in common, they can be run on multiple platforms and in some cases they will run offline. With the introduction of HTML5 this evolution will increase, with browsers offering greater levels of functionality. However, with the introduction of HTML5, new persistent database security vulnerabilities could impact on this functionality. IndexedDB functionality involves storing application data on the client PC. As client data including sensitive information is now stored locally, consequently vulnerabilities within HTML5’s IndexedDB scheme could have devastating consequences. This paper will investigate potential vulnerabilities, and propose security framework for HTML5’s IndexedDB files that could be included as part of an inherited web browser security.

Actions (login required)

View Item

Downloads