Security Implications of Web Caching
Golinelli, Matteo
2026
Abstract
The World Wide Web relies heavily on caching to improve performance and scalability, yet the security aspects of this mechanism remain poorly understood. This thesis investigates the security posture of web caches following three incremental steps: web cache detection, exploitation, and uncovering of novel attack primitives. First, we introduce methodologies to detect web caches using response headers, timing analysis, and subtle header variations, comparing their effectiveness and limitations. Building on this foundation, we present large-scale techniques for detecting vulnerabilities such as Web Cache Deception (WCD) and cache poisoning. We focus on understudied vulnerabilities for which no automated detection tools exist. Our empirical analysis includes the largest WCD study to date, identifying 1,188 vulnerable domains and challenging prior assumptions about its real-world severity. We then explore the broader security implications of cache misuse, showing how WCD can be chained with other web vulnerabilities to create complex attack vectors enabling data leakage and supply chain compromise, and how caching of security tokens can severely impact the security of web users. Finally, we introduce Web Cache Overflow (WCO), a new attack primitive that exploits imprecise cache keying to degrade cache performance and cause Denial of Service. Overall, this work provides a comprehensive exploration of web cache vulnerabilities, from foundational detection challenges to large-scale exploitation and mitigation, and serves as a basis for further research in this critical area. Through these contributions, we advance the state of the art in web cache security through systematic detection methodologies, large-scale vulnerability analysis, and the discovery of new attack vectors, accompanied by open-source tools to foster further research and defensive development. 
Our findings underscore the need for improved security practices in web caching and provide actionable insights for both researchers and practitioners.

| File | Size | Format |
|---|---|---|
| phd_unitn_golinelli_matteo.pdf (open access; License: Creative Commons) | 1.37 MB | Adobe PDF |
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14242/362134
URN:NBN:IT:UNITN-362134