Friday, March 26, 2010

Side-Channel Leaks in Web Applications

Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow

With software-as-a-service becoming mainstream,more and more applications are delivered to the client through the Web. Unlike a desktop application, a web application is split into browser-side and server-side components. A subset of the application’s internal information flows are inevitably exposed on the network.

This paper reports information leaks in several realworld web applications.

Download PDF

See also Side-Channel Attacks on Encrypted Web Traffic by Bruce Schneier

No comments: