Please use this identifier to cite or link to this item:
Publication type: Working paper – expertise – study
Title: Web content signing with service workers
Authors: Sutter, Thomas
Lapagna, Kevin
Berlich, Peter
Rennhard, Marc
Germann, Fabio
et. al: Yes
DOI: 10.21256/zhaw-22514
Extent: 9
Issue Date: 12-May-2021
Publisher / Ed. Institution: ZHAW Zürcher Hochschule für Angewandte Wissenschaften
Language: English
Subjects: Computer science; Cryptography; Security
Subject (DDC): 005: Computer programming, programs and data
Abstract: Securing the communication between a web server and a browser is a fundamental task of securing the World Wide Web. Websites today rely heavily on HTTPS to set up secure connections. In recent years, several incidents undermined this trust and therefore the security of the HTTPS system. In this paper we introduce an approach allowing to secure JavaScript files in case a HTTPS connection between web server and browser is compromised. Our paper presents a solution to safeguard the user's browser so that it only processes content (e.g., JavaScript or HTML) that was genuinely provided by the web application service providers themselves. Our solution makes use of service workers, a recently proposed W3C Candidate Recommendation enabling applications to take advantage of persistent background processing, including hooks to enable bootstrapping of web applications while offline. It demonstrates how service workers are able to validate the integrity of JavaScript files within the client's browser and how service workers are used to detect and mitigate malicious JavaScript files.
License (according to publishing contract): CC BY-NC-ND 4.0: Attribution - Non commercial - No derivatives 4.0 International
Departement: School of Engineering
Organisational Unit: Institute of Applied Information Technology (InIT)
Published as part of the ZHAW project: SeCoSS: Secure Collaboration with SecureSafe
Appears in collections:Publikationen School of Engineering

Files in This Item:
File Description SizeFormat 
2021_Sutter-etal_Web-content-signing-with-service-workers.pdf194.2 kBAdobe PDFThumbnail

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.