Stefan Kimak

PhD in Computer Science and Digital Technologies

This thesis presents an analysis of, and enhanced security model for IndexedDB, the persistent HTML5 browser based data store.

This thesis firstly argues that IndexedDB is insecure by design. That is, the design of IndexedDB means that every implementation is vulnerable to attacks such as Cross Site Scripting, and even data from databases that have been deleted may readily be stolen using appropriate software tools. This is demonstrated experimentally on both mobile and desktop browsers. IndexedDB is however capable of very high performance levels.This is demonstrated through the development of a formal performance model.

In the final component of this thesis, we propose and implement security enhancement that corrects the weaknesses in IndexedDB local storage. The enhancement uses multi factor authentication, and so is resistant to Cross Site Scripting attacks. This enhancement is then demonstrated experimentally, showing HTML5 IndexedDb may be securely used both on and offline.

Research Supervisors

Dr. Jeremy Ellman
Ms Shelagh Keogh

Key Publications

Some potential issues with the security of HTML5 indexedDB. / Conference paper

Performance Testing and Comparison of Client Side Databases Versus Server Side. / Conference paper

An Investigation into Possible Attacks on HTML5 IndexedDB and their Prevention. / Conference paper

Student profiles

Latest News and Features

Will Croston pictured holding his RTS award

Film inspired by personal loss wins Best Student Drama at industry awards

21.02.25

Northumbria University graduate Will Croston has been awarded a prestigious Royal Television…

Fashion student Bethany Young pictured with some of her work

Inspiring knitwear designer wins Framework Knitters’ Award

19.02.25

Bethany Young, a 28-year-old Fashion BA (Hons) student at Northumbria University, has been…

Flies can choose to play, reveals new study

18.02.25

Scientists have discovered that flies can demonstrate play-like behaviour – the first time…

AI in construction

Using AI to cut construction waste and advance sustainability.

14.02.25

Northumbria University is leading pioneering research to enhance sustainability in the construction…

Gatwick CEO speaks with Engineering students at Northumbria

13.02.25

Northumbria University alum and Chief Executive Officer of Gatwick Airport, Stewart Wingate…

Professor Matt Baillie Smith speaking in Geneva at the International Conference of the Red Cross and Red Crescent.

Northumbria and IFRC strengthen collaboration to advance research on volunteering

13.02.25

Volunteers play critical roles in responding to the multiple humanitarian crises facing the…

More news

Social

More events

Upcoming events

Materiality, Excess and the Nightmare Visions of Horror Animation

Feb
26

Materiality, Excess and the Nightmare Visions of Horror Animation

Lecture Theatre 003

3pm - 4pm

Higgs High-Performance Computing (HPC) Launch

Mar
03

Higgs High-Performance Computing (HPC) Launch

Great Hall

10.30am - 5pm

Local Government still holds great opportunities

Mar
03

Local Government still holds great opportunities

Lecture Theatre 442

11am - 12.30pm

NU Advice: Your Future (Employability)

Mar
05

NU Advice: Your Future (Employability)

4pm - 5pm

Back to top