Kimak, Stefan, Ellman, Jeremy and Laing, Christopher (2014) Some Potential Issues with the Security of HTML5 IndexedDB. In: System Safety and Cyber Security 2014 (IET Conference), 14-16th October 2014, The Midland Hotel, Manchester, UK.
|
PDF
IETSS2014_0029_final.pdf Available under License Creative Commons Attribution. Download (1MB) | Preview |
Abstract
The new HTML5 standard provides much more access to client resources, such as user location and local data storage. Unfortunately, this greater access may create new security risks that potentially can yield new threats to user privacy and web attacks. One of these security risks lies with the HTML5 client-side database. It appears that data stored on the client file system is unencrypted. Therefore, any stored data might be at risk of exposure. This paper explains and performs a security investigation into how the data is stored on client local file systems. The investigation was undertaken using Firefox and Chrome web browsers, and Encase (a computer forensic tool), was used to examine the stored data. This paper describes how the data can be retrieved after an application deletes the client side database. Finally, based on our findings, we propose a solution to correct any potential issues and security risks, and recommend ways to store data securely on local file systems.
| Item Type: | Conference or Workshop Item (Paper) |
|---|---|
| Subjects: | G400 Computer Science |
| Department: | Faculties > Engineering and Environment > Computer and Information Sciences |
| Depositing User: | Jeremy Ellman |
| Date Deposited: | 28 Nov 2014 09:16 |
| Last Modified: | 17 Dec 2023 15:34 |
| URI: | https://nrl.northumbria.ac.uk/id/eprint/18302 |
Actions (login required)
 |
View Item |
Downloads
Downloads per month over past year
