Practical memory deduplication attacks in sandboxed javascript

Daniel Gruss*, David Bidner, Stefan Mangard

*Korrespondierende/r Autor/in für diese Arbeit

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem Konferenzband

Abstract

Page deduplication is a mechanism to reduce the memory footprint of a system. Identical physical pages are identified across borders of virtual machines and programs and merged by the operating system or the hypervisor. However, this enables side-channel information leakage through cache or memory access time. Therefore, it is considered harmful in public clouds today, but it is still considered safe to use in a private environment, i.e., private clouds, personal computers, and smartphones. We present the first memory-disclosure attack in sandboxed Javascript which exploits page deduplication. Unlike previous attacks, our attack does not require the victim to execute an adversary’s program, but simply to open a website which contains the adversary’s Javascript code. We are not only able to determine which applications are running, but also specific user activities, for instance, whether the user has specific websites currently opened. The attack works on servers, personal computers and smartphones, and across the borders of virtual machines.

Originalspracheenglisch
TitelComputer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
Herausgeber (Verlag)Springer Verlag Wien
Seiten108-122
Seitenumfang15
Band9326
ISBN (Print)9783319241739
DOIs
PublikationsstatusVeröffentlicht - 1 Jan 2015
Veranstaltung20th European Symposium on Research in Computer Security, ESORICS 2015 - Vienna, Österreich
Dauer: 21 Sep 201525 Sep 2015

Publikationsreihe

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Band9326
ISSN (Print)0302-9743
ISSN (elektronisch)1611-3349

Konferenz

Konferenz20th European Symposium on Research in Computer Security, ESORICS 2015
LandÖsterreich
OrtVienna
Zeitraum21/09/1525/09/15

ASJC Scopus subject areas

  • !!Theoretical Computer Science
  • !!Computer Science(all)

Fingerprint

Untersuchen Sie die Forschungsthemen von „Practical memory deduplication attacks in sandboxed javascript“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren