Security Header Fields in HTTP Clients

Gadient, Pascal; Nierstrasz, Oscar; Ghafari, Mohammad (December 2021). Security Header Fields in HTTP Clients. In: 21st IEEE International Conference on Software Quality, Reliability, and Security (QRS). Hainan, China and virtually. December 6 and 10, 2021. 10.1109/QRS54544.2021.00020

[img] Text
Gadi21c.pdf - Published Version
Restricted to registered users only
Available under License Publisher holds Copyright.

Download (180kB)

HTTP headers are commonly used to establish web communications, and some of them are relevant for security. However, we have only little information about the usage and support of security-relevant headers in mobile applications. We explored the adoption of such headers in mobile app communication by querying 9,714 distinct URLs that were used in 3,376 apps and collected each server's response information. We discovered that support for secure HTTP header fields is absent in all major HTTP clients, and it is barely provided with any server response. Based on these results, we discuss opportunities for improvement particularly to reduce the likelihood of data leaks and arbitrary code execution. We advocate more comprehensive use of existing HTTP headers and timely development of relevant web browser security features in HTTP client libraries.

Item Type:

Conference or Workshop Item (Paper)

Division/Institute:

08 Faculty of Science > Institute of Computer Science (INF)
08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG) [discontinued]

UniBE Contributor:

Gadient, Pascal Josef, Nierstrasz, Oscar, Ghafari, Mohammad

Subjects:

000 Computer science, knowledge & systems

Language:

English

Submitter:

Oscar Nierstrasz

Date Deposited:

23 Feb 2022 14:41

Last Modified:

05 Dec 2022 16:07

Publisher DOI:

10.1109/QRS54544.2021.00020

Uncontrolled Keywords:

scg-pub security snf-asa3 scg21 jb22 MISSING-DOI

BORIS DOI:

10.48350/165143

URI:

https://boris.unibe.ch/id/eprint/165143

Actions (login required)

Edit item Edit item
Provide Feedback