Browse by author
Lookup NU author(s): Dr Matthew ForshawORCiD, Professor Feng Hao, Ehsan Toreini
Private browsing has been a popular privacy feature built into all mainstream browsers since 2005. However, despite the prevalent use, the security of this feature has received little attention from the research community. To the best of our knowledge, no study has existed that systematically evaluates the security of private browsing across all major browsers and from all angles: not only examining the memory, but also the underlying database structure on the disk and the web traffic. In this paper, we present an up-to-date and comprehensive analysis of private browsing across the four most popular web browsers: IE, Firefox, Chrome and Safari. We report that all browsers under study suffer from a variety of vulnerabilities, many of which have not been reported or known before. The problems are generally caused by the following factors: a lax control of permission to allow extensions to run in the private mode with unrestricted privilege; inconsistent implementations of the underlying SQLite database between the private and usual modes; the neglect of the cross-mode interference when the two modes are run in parallel; a lack of attention to side-channel timing attacks, etc. All of the attacks have been experimentally verified with countermeasures proposed.
Author(s): Satvat K, Forshaw M, Hao F, Toreini E
Publication type: Report
Publication status: Published
Series Title: School of Computing Science Technical Report Series
Year: 2013
Pages: 25
Print publication date: 01/10/2013
Source Publication Date: October 2013
Report Number: 1397
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne
URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1397.pdf