D. N. Kolegov, O. V. Broslavsky, N. E. Oleksov, “Covert timing channels over HTTP cache-control headers”, Prikl. Diskr. Mat., 2015, Number 2(28),Pages <nobr>71

This article is cited in 2 papers

Mathematical Foundations of Computer Security

Covert timing channels over HTTP cache-control headers

D. N. Kolegov, O. V. Broslavsky, N. E. Oleksov

National Research Tomsk State University, Tomsk, Russia

Abstract: We introduce and discuss a new family of timing covert channels based on HTTP cache headers. We propose a general scheme of the timing covert channels in terms of access control models and data flow diagrams and suggest two base threat models for them. We then consider peculiarities of program implementation of the timing covert channels and their bandwidth depending on a HTTP cache header, a threat model, a programming language (C, JavaScript, Python, Ruby), and an environment. Finally we provide the basic characteristics of the implemented covert channels in web browsers and BeEF.

Keywords: computer security, HTTP, cache-control headers, covert channels, web application security, web browsers security, botnets.

UDC: 004.94

DOI: 10.17223/20710410/28/8