Projekte pro Jahr
Abstract
Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable. We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.
Originalsprache | englisch |
---|---|
Titel | Financial Cryptography and Data Security - 21st International Conference, FC 2017, Revised Selected Papers |
Herausgeber (Verlag) | Springer Verlag Wien |
Seiten | 247-267 |
Seitenumfang | 21 |
Band | 10322 LNCS |
ISBN (Print) | 9783319709710 |
DOIs | |
Publikationsstatus | Veröffentlicht - 1 Jan. 2017 |
Veranstaltung | 21st International Conference on Financial Cryptography and Data Security, FC 2017 - Sliema, Malta Dauer: 3 Apr. 2017 → 7 Apr. 2017 |
Publikationsreihe
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Band | 10322 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (elektronisch) | 1611-3349 |
Konferenz
Konferenz | 21st International Conference on Financial Cryptography and Data Security, FC 2017 |
---|---|
Land/Gebiet | Malta |
Ort | Sliema |
Zeitraum | 3/04/17 → 7/04/17 |
ASJC Scopus subject areas
- Theoretische Informatik
- Informatik (insg.)
Fingerprint
Untersuchen Sie die Forschungsthemen von „Fantastic timers and where to find them: High-resolution microarchitectural attacks in javascript“. Zusammen bilden sie einen einzigartigen Fingerprint.Projekte
- 1 Abgeschlossen
-
EU - SOPHIA - Absicherung von Software gegen Physische Angriffe
1/09/16 → 31/08/21
Projekt: Forschungsprojekt