Security Study of Service Worker Cross-Site Scripting.

Chinprutthiwong, Phakpoom; Vardhan, Raj; Yang, Guangliang; Gu, Guofei

doi:10.1145/3427228.3427290

Cited by 13 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attacks on Service Worker and CSS: Recent research has explored attacks on Service Worker [35,60,70]. However, these attacks exploit the vulnerabilities in the Javascript code of a website.…”

Section: Limitations and Discussionmentioning

confidence: 99%

InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

Lin,

Xin,

Goel

et al. 2022

Preprint

View full text Add to dashboard Cite

In today's web ecosystem, a website that uses a Content Delivery Network (CDN) shares its Transport Layer Security (TLS) private key or session key with the CDN. In this paper, we present the design and implementation of InviCloak, a system that protects the confidentiality and integrity of a user and a website's private communications without changing TLS or upgrading a CDN. Invi-Cloak builds a lightweight but secure and practical key distribution mechanism using the existing DNS infrastructure to distribute a new public key associated with a website's domain name. A web client and a website can use the new key pair to build an encryption channel inside TLS. InviCloak accommodates the current web ecosystem. A website can deploy InviCloak unilaterally without a client's involvement to prevent a passive attacker inside a CDN from eavesdropping on their communications. If a client also installs InviCloak's browser extension, the client and the website can achieve end-to-end confidential and untampered communications in the presence of an active attacker inside a CDN. Our evaluation shows that InviCloak increases the median page load times (PLTs) of realistic web pages from 2.0s to 2.1s, which is smaller than the median PLTs (2.8s) of a state-of-the-art TEE-based solution. CCS CONCEPTS• Networks → Web protocol security; • Security and privacy → Key management.

show abstract

Section: Limitations and Discussionmentioning

confidence: 99%

InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

Lin,

Xin,

Goel

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…We brie y discuss some recent research on the topic of web accessibility in this section. Making digital content accessible to all people, regardless of their disabilities or environmental limitations, is the de nition of accessibility [10]. The availability of supplementaryskills to increase the web accessibility, such as by employing assistive technologies like reading software based on screen view, magnify the screen, alternate skills and digital devices i.e., keyboard, alternate touchpads, display the Braille exhibitions refresh, and speechcontribution.…”

Section: Literature Surveymentioning

confidence: 99%

Web accessibility evaluation of private and government websites for people with disabilities through fuzzy classifier in the USA

Polireddi,

Chaitanya

2023

Soft Comput

View full text Add to dashboard Cite

The impact of technological advancements in construct the web in order tomake it accessible for people with impairments was examined through a retrospective analysis of websites. For the years 1997-2002, anarbitraryillustration of overall webpages and a suitabilityillustration of US administration webpages were researched and related. The accessing the web becomes barrier (WAB) and di culty ratings remained computed. ANOVA and Tukey's HSD remainedrecycled to detect alterations between centuries for overallpositions. ANOVA repeat measurements wereutilized to analyze changes in US government websites, and Pearson's connection factor (r) was calculated toward assess the connection among convenience and di culty. Arbitrary webpages gradually develop unreachable as di culty rises. The complexity of US government websites is increasing while they are still accessible through fuzzy classi er. It's not necessary for increasing complexity, which is frequently brought on by adding complicated components to a Web page, to result in greater accessibility hurdles reducing the use of scripts in webpage design will increase complexity.

show abstract

“…This gives the developers control of caching assets and relevant data for offline use. Due to this powerful feature of service worker, it only works on secure connections (HTTPS) for security reasons, this will prevent external attacks from intercepting and modifying the network requests [4]. It should also be noted that service workers can do a lot more than offline-first capabilities, they can also handle notifications and perform heavy tasks on a separate thread.…”

Section: Literature Reviewmentioning

confidence: 99%

Progressive Web Apps to Support (Critical) Systems in Low or No Connectivity Areas

Josephe,

Chrysoulas,

Peng

et al. 2023

2023 IEEE IAS Global Conference on Emerging Technologies (GlobConET)

View full text Add to dashboard Cite

Web applications are popular in our world today and every organization or individual either build or access at least one each day. It's important for every application user to continue accessing contents of a web application irrespective of the network connectivity and user's location. Previous researchers have tried to solve this problem by using the browser's cache to make the web application work offline. Although this approach has worked, it lacks the aspect of permitting a user to send information to the server when offline. This work proposed an architecture to solve this by sending essential data through an SMS platform. A Minimum Viable Product (MVP) that fits into the proposed architecture was implemented leveraging on service worker to detect an offline application and send the data through SMS. The information is retrieved by a webhook and sent to the webserver. The result of this research validates that the proposed architecture can be used to send data when a web application is offline. The research also recommends areas where further work can be explored to improve on this solution.

show abstract

Security Study of Service Worker Cross-Site Scripting.

Cited by 13 publications

References 14 publications

InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

InviCloak: An End-to-End Approach to Privacy and Performance in Web Content Distribution

Web accessibility evaluation of private and government websites for people with disabilities through fuzzy classifier in the USA

Progressive Web Apps to Support (Critical) Systems in Low or No Connectivity Areas

Contact Info

Product

Resources

About