    Quantitative Information Flow of Side-Channel Leakages in Web Applications 

    View/Open
    Huang_Xujing_PhD_Final_1105016.pdf (3.454Mb)
    Publisher
    Queen Mary University of London
    Abstract
    It is no secret that communication between the client side and the server side of a web application can leak confidential user data through side-channel attacks. Lower-level traffic features, such as packet sizes, packet lengths, timings, etc., are public to attackers. Attackers can infer a user's web activities, including web browsing histories and sensitive user information, by analysing the web traffic generated during communications, even when the traffic is encrypted. There has been increasing public concern about the disclosure of user privacy through side-channel attacks in web applications. A large body of work has been proposed to analyse and evaluate this kind of security threat in the real world. This dissertation addresses side-channel vulnerabilities from different perspectives. First, a new approach based on verification and quantitative information flow is proposed to perform a fully automated analysis of side-channel leakages in web applications. Core to this aim is the generation of test cases without manual work by developers. The techniques are implemented in a tool called SideAuto, which targets Apache Struts web applications. Then the focus turns to real-world web applications. A black-box methodology for automatically analysing side-channel vulnerabilities in real-world web applications is proposed. This research demonstrates that communications that do not explicitly involve sensitive user information can leak user secrets, even more seriously than traffic that explicitly transmits user information. Moreover, this thesis also examines side-channel leakages of user identities from Google accounts. The research demonstrates that user identities can be revealed even when communicating with external websites included in the Alexa Top 150 websites, which have no relation to Google accounts.
    Authors
    Huang, Xujing
    URI
    http://qmro.qmul.ac.uk/xmlui/handle/123456789/12864
    Collections
    • Theses [3321]
    Copyright statements
    The copyright of this thesis rests with the author and no quotation from it or information derived from it may be published without the prior written consent of the author