Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks

Sudhodanan, Avinash; Khodayari, Soheil; Caballero, Juan

doi:10.48550/arxiv.1908.02204

Cited by 2 publications

(4 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This definition is in line with that of prior work (XS-Leaks Wiki[46] and COSI attacks[49]), but makes it explicitly clear that the attacker aims to infer the state that the user has with the targeted website.…”

mentioning

confidence: 67%

“…in 2000, Felten and Schneider described how the time to request a resource leaked information about its cache status. Prior work on categorizing XS-Leaks has mainly focused on enumerating the different known techniques and grouping them by the technique that is used [46], or based on the differences in the resource that can be detected [18,49]. In this section we introduce a new classification method that is based on our model and aims to capture the intrinsic properties of XS-Leaks; namely the component to which the web application state is transferred, the inclusion method that is used for this state-transfer, and the technique that is used to finally extract this state.…”

Section: Xs-leak Attacks: Current Statementioning

confidence: 99%

“…Knittel et al also perform an evaluation of different browsers and identify several novel XS-Leak attacks as a result of their analysis. Other works that provide an extensive overview of XS-Leaks, is the research by Sudhodanan et al [49] and the XS-Leaks wiki [46]. These works mainly focus on the type of information that can be inferred, and introduce classes that are mainly descriptive of how an attack is performed.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

2022

View full text Add to dashboard Cite

A web visit typically consists of the browser rendering a dynamically generated response that is specifically tailored to the user. This generation of responses based on the currently authenticated user, whose authentication credentials are automatically included via cookies in all (including cross-site) requests, have led to a multitude of issues. Through cross-site leaks (XS-Leaks), an adversary can try to circumvent the same-origin policy and extract information about responses, which in turn can reveal potentially sensitive information about the user. As research on this class of vulnerabilities only recently gained traction, and the attacks affect many different components of the web platform, the intrinsic characteristics and underlying causes remain largely unexplored.In this paper we present an abstraction of XS-Leaks attacks and introduce an extended formal model that we use to reason about the cause of different leaks and which strategies the various defense mechanisms employ to defend against them. Furthermore, we provide a classification method for current attacks, and, guided by our model, propose a methodology to comprehensively detect new XS-Leak issues, or indicate their absence. Furthermore, we analyze the current defenses and identify gaps that still require further research to provide extensive solutions for sites that rely on cross-site interactions. Finally, we explore how XS-Leak defenses are currently deployed and which challenges website owners are still facing. As a first step towards facilitating the deployment of XS-Leak defenses, we introduce Leakbuster, a dynamic web interface that provides web developers with suggestions based on the insights provided throughout this paper. CCS CONCEPTS• Security and privacy → Browser security; Network security; Formal methods and theory of security.

show abstract

mentioning

confidence: 67%

Section: Xs-leak Attacks: Current Statementioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

2022

View full text Add to dashboard Cite

show abstract

“…Since resources in the HTTP cache can be hit across domains, this implies that a range request initiated on one domain can be resumed on another, thus leaking information on what other sites have been previously visited. This attack, known as a cross site leak or XS-Leak [52], is not specific to range requests. Many browsers have begun discussing the implementation of (or have already implemented in the case of Safari [26,30]) dual-key caching.…”

Section: Discussionmentioning

confidence: 99%

Browselite: A Private Data Saving Solution for the Web

Kelton,

Varvello,

Aucinas

et al. 2021

Preprint

View full text Add to dashboard Cite

The median webpage has increased in size by more than 80% in the last 4 years. This extra complexity allows for a rich browsing experience, but it hurts the majority of mobile users which still pay for their traffic. This has motivated several data-saving solutions, which aim at reducing the complexity of webpages by transforming their content. Despite each method being unique, they either reduce user privacy by further centralizing web traffic through data-saving middleboxes or introduce web compatibility (Web-compat) issues by removing content that breaks pages in unpredictable ways.In this paper, we argue that data-saving is still possible without impacting either users privacy or Web-compat. Our main observation is that Web images make up a large portion of Web traffic and have negligible impact on Web-compat. To this end we make two main contributions. First, we quantify the potential savings that image manipulation, such as dimension resizing, quality compression, and transcoding, enables at large scale: 300 landing and 880 internal pages. Next, we design and build BrowseLite, an entirely client-side tool that achieves such data savings through opportunistically instrumenting existing server-side tooling to perform image compression, while simultaneously reducing the total amount of image data fetched. The effect of BrowseLite on the user experience is quantified using standard page load metrics and a real user study of over 200 users across 50 optimized web pages. BrowseLite allows for similar savings to middlebox approaches, while offering additional security, privacy, and Web-compat guarantees.

show abstract

Cross-Origin State Inference (COSI) Attacks: Leaking Web Site States through XS-Leaks

Cited by 2 publications

References 21 publications

Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security

Browselite: A Private Data Saving Solution for the Web

Contact Info

Product

Resources

About