Add references for Cache Control Directives

Tobias Eidelpes 2020-08-25 14:12:28 +02:00
parent 6787090629
commit a108cd5778
2 changed files with 40 additions and 13 deletions


@ -762,20 +762,21 @@ attack.
Cache Control Directives can be supplied in the Cache-Control \gls{HTTP} header,
allowing rules about storing, updating and deletion of resources in the cache to
be defined. Cache Control Directives make heavy use of \emph{\glspl{ETag}} and
\emph{Last-Modified \gls{HTTP} Headers} to determine whether a cached resource
is stale and needs to be updated. Commonly, a collision-resistant hash function
is used to generate a unique hash of a cached resource which is sent along with
the resource in the first \gls{HTTP} request. The resource and the hash—which is
be defined. Cache Control Directives make heavy use of \emph{\glspl{ETag}}
\cite{fieldingHTTPETag} and \emph{Last-Modified \gls{HTTP} Headers}
\cite{fieldingHTTPLastModified} to determine whether a cached resource is stale
and needs to be updated. Commonly, a collision-resistant hash function is used
to generate a unique hash of a cached resource which is sent along with the
resource in the first \gls{HTTP} request. The resource and the hash—which is
stored in the \gls{ETag} header—is then cached by the client. On subsequent
retrievals of the same \gls{URL}, the client checks for an expiration date on the
requested \gls{URL} via the Cache-Control and Expire headers. If the \gls{URL}
has expired, the client sends a request with the \emph{If-None-Match} field set
with the \gls{ETag}. The server then compares the \gls{ETag} received by the
client with the generated \gls{ETag} of the resource on the server side. If the
two values match (i.e., the resource has not changed), the server can send back
an \gls{HTTP} 304 Not-Modified status. Otherwise, the answer contains a full
\gls{HTTP} response with the modified resource and the newly generated
retrievals of the same \gls{URL}, the client checks for an expiration date on
the requested \gls{URL} via the Cache-Control and Expire headers. If the
\gls{URL} has expired, the client sends a request with the \emph{If-None-Match}
field set with the \gls{ETag}. The server then compares the \gls{ETag} received
by the client with the generated \gls{ETag} of the resource on the server side.
If the two values match (i.e., the resource has not changed), the server can
send back an \gls{HTTP} 304 Not-Modified status. Otherwise, the answer contains
a full \gls{HTTP} response with the modified resource and the newly generated
\gls{ETag}, which the client can cache again. Usage of \glspl{ETag} can
therefore improve performance and cache consistency while at the same time
reducing bandwidth usage.
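Review bot: the rewritten sentence "The server then compares the \gls{ETag} received by the client" has the direction wrong, since it is the server that receives the tag; while these lines are being touched anyway, make it "received from the client". Two more small wording defects sit in the same hunk: the header in "via the Cache-Control and Expire headers" is called Expires, and "The resource and the hash—which is stored in the \gls{ETag} header—is then cached" needs "are" for its plural subject. On substance, neither added citation supports "a collision-resistant hash function is used": RFC 7232 section 2.3 defines an entity-tag as an opaque validator chosen by the origin server, so the hash should be described as a common implementation choice rather than something the references establish. Finally, the hunk rewraps eight otherwise unchanged lines just to fit the two \cite commands, which makes the real change hard to spot; keeping the original line breaks where possible would shrink the diff to the lines that actually gained a citation.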


@ -480,6 +480,22 @@ Web cache timing attacks},
series = {{{CCS}} '00}
}
@misc{fieldingHTTPETag,
title = {{{HTTP}}/1.1: {{ETag}}},
shorttitle = {Hypertext {{Transfer Protocol}} ({{HTTP}}/1.1)},
author = {Fielding, Roy and Reschke, Julian},
url = {https://tools.ietf.org/html/rfc7232\#section-2.3},
urldate = {2020-08-25}
}
@misc{fieldingHTTPLastModified,
title = {{{HTTP}}/1.1: {{Last}}-{{Modified}}},
shorttitle = {Hypertext {{Transfer Protocol}} ({{HTTP}}/1.1)},
author = {Fielding, Roy and Reschke, Julian},
url = {https://tools.ietf.org/html/rfc7232\#section-2.2},
urldate = {2020-08-25}
}
@misc{fieldingHTTPSemanticsContent2014,
title = {{{HTTP}}: {{Semantics}} and {{Content}} - {{Referer}}},
shorttitle = {Hypertext {{Transfer Protocol}} ({{HTTP}}/1.1)},
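Review bot: the two new @misc entries (fieldingHTTPETag and fieldingHTTPLastModified) point into the same document, RFC 7232, but carry no year, RFC number or document title, so the rendered bibliography will show little more than an author, a section fragment and a URL. Either add the missing fields to each (the RFC is "Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests", 2014, so e.g. `year = {2014}` and `number = {7232}`), or, simpler, keep a single entry for RFC 7232 and cite it with a section pointer such as `\cite[Sec. 2.3]{...}` so the two near-duplicate entries collapse into one. Note also that both entries reuse the `shorttitle` of the existing fieldingHTTPSemanticsContent2014 entry visible just below, which will be confusing wherever short titles are printed.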
@ -732,6 +748,16 @@ Impact of CSS-based history detection},
language = {English}
}
@inproceedings{juelsCacheCookiesBrowser2006,
title = {Cache Cookies for Browser Authentication},
booktitle = {2006 {{IEEE Symposium}} on {{Security}} and {{Privacy}} ({{S P}}'06)},
author = {Juels, A. and Jakobsson, M. and Jagatic, T.N.},
year = {2006},
month = may,
pages = {5 pp.-305},
abstract = {Like conventional cookies, cache cookies are data objects that servers store in Web browsers. Cache cookies, however, are unintentional byproducts of protocol design for browser caches. They do not enjoy any explicit interface support or security policies. In this paper, we show that despite limitations, cache cookies can play a useful role in the identification and authentication of users. Many users today block conventional cookies in their browsers as a privacy measure. The cache-cookie tools we propose can help restore lost usability and convenience to such users while maintaining good privacy. As we show, our techniques can also help combat online security threats such as phishing and pharming that ordinary cookies cannot. The ideas we introduce for cache-cookie management can strengthen ordinary cookies as well. The full version of this paper may be referenced at www.ravenwhite.com}
}
@inproceedings{kaizerCharacterizingWebsiteBehaviors2016,
title = {Characterizing {{Website Behaviors Across Logged}}-in and {{Not}}-Logged-in {{Users}}},
booktitle = {Proceedings of the 2016 {{Internet Measurement Conference}}},
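Review bot: `pages = {5 pp.-305}` in the juelsCacheCookiesBrowser2006 entry is an IEEE Xplore export artifact rather than a page range and will render verbatim; replace it with the real range from the proceedings or drop the field. The `booktitle` has also lost the ampersand from the conference abbreviation, giving `({{S P}}'06)` where `({{S\&P}}'06)` is meant. The `abstract` field (including the trailing "The full version of this paper may be referenced at www.ravenwhite.com") is not printed by any standard style and only bloats the file, so it can go as well.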