dc.description.abstract | The service worker (SW) is an emerging web technology that was introduced to enhance the
browsing experience of web users. At the core, it is essentially a JavaScript file that runs in an
isolated and privileged context separated from the main web page or web workers. Websites can register a service worker to enable native mobile application features including but not limited to supporting offline usage and sending push notifications. With the help of this technology, traditional websites can now act like native mobile apps or become appified. Recently, the use of service workers has gained much attention from web developers, security researchers, and even cyber-criminals due to the service worker’s unique capabilities, especially the ability to intercept and modify web requests and responses at runtime. Such capabilities inevitably introduce new factors to web security considerations.
The goal of this research is to systematically study both the vulnerabilities and the security enhancement to websites that can come with the introduction of service workers. The contributions of this dissertation are three folds. First, we investigate the service worker lifecycle and uncover a vulnerability allowing cross-site scripts to be executed inside the service worker. We term this novel attack as Service Worker Cross-Site Scripting (SW-XSS) and develop a dynamic taint tracking tool to measure the impact of SW-XSS in the wild. Second, we analyze the communication channels between the service worker and other web contexts. We identify two vulnerable channels, IndexedDB and Push notifications. These channels can be utilized to launch SW-XSS and push hijacking attacks, which can lead to the privacy leakage of users. Third, we propose and develop a framework, SWAPP (Service Worker APplication Platform), for implementing security appliances by leveraging the unique capabilities of a service worker. Not only can SWAPP prevent the aforementioned attacks against service workers but also be used to implement defense mechanisms for traditional web attacks such as Cross-Site Scripting (XSS), data leakage, or side-channel attacks. We develop several defenses for traditional attacks using SWAPP and show that they are easier to develop, have lesser installation requirements, and are effective compared to existing solutions. | |