Exploiting web push notification features in third-party push services = 제 3자 푸시 서비스의 웹 푸시 알림 기능 공격

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 27
  • Download : 0
DC FieldValueLanguage
dc.contributor.advisorShin, Insik-
dc.contributor.advisor신인식-
dc.contributor.authorKim, Hayeon-
dc.date.accessioned2019-09-04T02:46:57Z-
dc.date.available2019-09-04T02:46:57Z-
dc.date.issued2019-
dc.identifier.urihttp://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=843510&flag=dissertationen_US
dc.identifier.urihttp://hdl.handle.net/10203/267056-
dc.description학위논문(석사) - 한국과학기술원 : 전산학부, 2019.2,[iv, 26 p. :]-
dc.description.abstractWeb push notification is a new feature of Web application designed to engage with the users. As Web push notification gained popularity, growing number of websites deployed Web push notification and various third-party push services which provide easy deployment emerged. Third-party push services (or push libraries) provide a convenient and fast way of enabling push notifications at the website. Despite the vast attention that Web push notifications have gained, there has been no research on current deployment status or security and privacy risks brought by Web push notification. In this paper, we conducted the systematic study of the security and privacy aspects of Web push notification that arise from third-party push services. We investigated design flaws in popular thirdparty push services that introduce new attacks-
dc.description.abstractpermission delegation and domain name spoofing attack. We demonstrated the attacks on real-world websites that are using vulnerable third-party services. We identified current Web push deployment status in Alexa top 100,000 websites and confirmed that 86.9% of sites use third-party push services to deploy Web push notification. Defenses and recommendations to mitigate the identified security and privacy risks are suggested with in-depth understanding.-
dc.languageeng-
dc.publisher한국과학기술원-
dc.subjectWeb application security▼aweb push notification▼aphishing▼aspoofing attacks-
dc.subject웹 어플리케이션 보안▼a웹 푸시 알림▼a피싱▼a스푸핑 공격-
dc.titleExploiting web push notification features in third-party push services = 제 3자 푸시 서비스의 웹 푸시 알림 기능 공격-
dc.typeThesis(Master)-
dc.identifier.CNRN325007-
dc.description.department한국과학기술원 :전산학부,-
dc.contributor.alternativeauthor김하연-
Appears in Collection
CS-Theses_Master(석사논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0