Keep our web applications safe : A security evaluation of Service Workers

• Main Authors: Erickson, Adam, Nielsen, Oscar
• Format: Others
• Language: English
• Published: Linköpings universitet, Programvara och system 2019
• Subjects: Computer Systems; Datorsystem
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-161753

With the ever-expanding internet, finding new ways to increase the user experience are vital in order to keeping concurrent users on your web application. One way to achieve this could be to implement a Service Worker to unlock more capabilities of a web application. The purpose of this paper is to evaluate what new security vulnerabilities can arise when implementing a Service Worker. This could then be used to evaluate if the technology has evolved far enough to be used by a wider audience of programmers and users. The analysis in this paper will be presented in a security matrix that is based on four experiments and a complementary literature study on web-based attacks. This paper found that some new vulnerabilities must be considered when implementing a Service Worker in a web application. The worst of these is the Living Outside of Scope, which can be used by an attacker to secretly hijack a victim's computer even when the application is shut down. This paper concludes that the technology has evolved far enough so that a secure web application with the use of the Service Worker is possible, but there are still some new vulnerabilities that can become a problem if not considered.