
Stefan Kimak

PhD in Computer Science and Digital Technologies

This thesis presents an analysis of, and an enhanced security model for, IndexedDB, the persistent HTML5 browser-based data store.

This thesis first argues that IndexedDB is insecure by design. That is, the design of IndexedDB means that every implementation is vulnerable to attacks such as Cross Site Scripting, and even data from databases that have been deleted may readily be stolen using appropriate software tools. This is demonstrated experimentally on both mobile and desktop browsers. IndexedDB is, however, capable of very high performance levels. This is demonstrated through the development of a formal performance model.

In the final component of this thesis, we propose and implement a security enhancement that corrects the weaknesses in IndexedDB local storage. The enhancement uses multi-factor authentication, and so is resistant to Cross Site Scripting attacks. This enhancement is then demonstrated experimentally, showing that HTML5 IndexedDB may be securely used both online and offline.

Research Supervisors

  • Dr. Jeremy Ellman
  • Ms Shelagh Keogh

Key Publications

Some potential issues with the security of HTML5 indexedDB. / Conference paper

Performance Testing and Comparison of Client Side Databases Versus Server Side. / Conference paper

An Investigation into Possible Attacks on HTML5 IndexedDB and their Prevention. / Conference paper

 

