lnu.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Evaluation of Security of ServiceWorker and Related APIs
Linnaeus University, Faculty of Technology, Department of computer science and media technology (CM).
2018 (English)Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
Abstract [en]

The Service Worker is a programmable proxy that allows the clients to keep offline parts of websites or even the whole domains, receive push notifications, have back-ground synchronization and other features. All of these features are available to the user without having to install an application - the user only visits a website. The service worker has gained popularity due to being a key component in the Progressive Web Applications (PWAs). PWAs have already proven to drastically increase the number of visits and the duration of browsing for websites such as Forbes [1], Twitter [2], and many others. The Service Worker is a powerful tool, yet it is hard for clients to understand the security implications of it. Therefore, all modern browser install the service workers without asking the client. While this offers many conveniences to the user, this powerful technology introduces new security risks. This thesis takes a closer look at the structure of the service worker and focuses on the vulnerabilities of its components. After the literature analysis and some testing using the demonstrator developed during this project, the vulnerabilities of the service worker components are classified and presented in the form of the vulnerability matrix; the mitigations to the vulnerabilities are then outlined, and the two are summarized in the form of security guidelines.

Place, publisher, year, edition, pages
2018. , p. 32
Keywords [en]
Service Worker API, Push API, Cache API, Application Cache, se- curity, Progressive Web Apps, HTTPS
National Category
Other Engineering and Technologies
Identifiers
URN: urn:nbn:se:lnu:diva-75875OAI: oai:DiVA.org:lnu-75875DiVA, id: diva2:1218197
Educational program
Network Security Programme, 180 credits
Presentation
2018-05-30, D1167v, Växjö, 10:57 (English)
Supervisors
Examiners
Available from: 2018-06-15 Created: 2018-06-14 Last updated: 2018-06-15Bibliographically approved

Open Access in DiVA

fulltext(1165 kB)32 downloads
File information
File name FULLTEXT01.pdfFile size 1165 kBChecksum SHA-512
a11923bcb56d19de7c5c311d93adcc7d20f5762e8c7ebeb4fa824f05857e10dc0532b364cae3bb8a3fd3dda1f462e6f0a894ac66e69d4c19014d7cf9d7c060fd
Type fulltextMimetype application/pdf

By organisation
Department of computer science and media technology (CM)
Other Engineering and Technologies

Search outside of DiVA

GoogleGoogle Scholar
Total: 32 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 41 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf