Covert timing channels over HTTP cache-control headers

D. N. Kolegov; O. V. Broslavsky; N. E. Oleksov

Geodesic

Parcourir par

Covert timing channels over HTTP cache-control headers

D. N. Kolegov ; O. V. Broslavsky ; N. E. Oleksov

Prikladnaâ diskretnaâ matematika, no. 2 (2015), pp. 71-85

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

We introduce and discuss a new family of timing covert channels based on HTTP cache headers. We propose a general scheme of the timing covert channels in terms of access control models and data flow diagrams and suggest two base threat models for them. We then consider peculiarities of program implementation of the timing covert channels and their bandwidth depending on a HTTP cache header, a threat model, a programming language (C, JavaScript, Python, Ruby), and an environment. Finally we provide the basic characteristics of the implemented covert channels in web browsers and BeEF.

Keywords: computer security, HTTP, cache-control headers, covert channels, web application security, web browsers security, botnets.

@article{PDM_2015_2_a7,
     author = {D. N. Kolegov and O. V. Broslavsky and N. E. Oleksov},
     title = {Covert timing channels over {HTTP} cache-control headers},
     journal = {Prikladna\^a diskretna\^a matematika},
     pages = {71--85},
     publisher = {mathdoc},
     number = {2},
     year = {2015},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDM_2015_2_a7/}
}

TY  - JOUR
AU  - D. N. Kolegov
AU  - O. V. Broslavsky
AU  - N. E. Oleksov
TI  - Covert timing channels over HTTP cache-control headers
JO  - Prikladnaâ diskretnaâ matematika
PY  - 2015
SP  - 71
EP  - 85
IS  - 2
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDM_2015_2_a7/
LA  - ru
ID  - PDM_2015_2_a7
ER  -

%0 Journal Article
%A D. N. Kolegov
%A O. V. Broslavsky
%A N. E. Oleksov
%T Covert timing channels over HTTP cache-control headers
%J Prikladnaâ diskretnaâ matematika
%D 2015
%P 71-85
%N 2
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDM_2015_2_a7/
%G ru
%F PDM_2015_2_a7

D. N. Kolegov; O. V. Broslavsky; N. E. Oleksov. Covert timing channels over HTTP cache-control headers. Prikladnaâ diskretnaâ matematika, no. 2 (2015), pp. 71-85. http://geodesic.mathdoc.fr/item/PDM_2015_2_a7/