Practical memory deduplication attacks in sandboxed javascript

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Research › peer-review

Abstract

Page deduplication is a mechanism to reduce the memory footprint of a system. Identical physical pages are identified across borders of virtual machines and programs and merged by the operating system or the hypervisor. However, this enables side-channel information leakage through cache or memory access time. Therefore, it is considered harmful in public clouds today, but it is still considered safe to use in a private environment, i.e., private clouds, personal computers, and smartphones. We present the first memory-disclosure attack in sandboxed Javascript which exploits page deduplication. Unlike previous attacks, our attack does not require the victim to execute an adversary’s program, but simply to open a website which contains the adversary’s Javascript code. We are not only able to determine which applications are running, but also specific user activities, for instance, whether the user has specific websites currently opened. The attack works on servers, personal computers and smartphones, and across the borders of virtual machines.

Original language: English
Title of host publication: Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
Publisher: Springer Verlag Wien
Pages: 108-122
Number of pages: 15
Volume: 9326
ISBN (Print): 9783319241739
DOI: https://doi.org/10.1007/978-3-319-24174-6_6
Publication status: Published - 1 Jan 2015
Event: 20th European Symposium on Research in Computer Security, ESORICS 2015 - Vienna, Austria
Duration: 21 Sep 2015 to 25 Sep 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9326
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 20th European Symposium on Research in Computer Security, ESORICS 2015
Country: Austria
City: Vienna
Period: 21/09/15 to 25/09/15

Keywords

  • Javascript-based attack
  • Memory deduplication
  • Side-channel attack
  • Website fingerprinting

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)

Cite this

Gruss, D., Bidner, D., & Mangard, S. (2015). Practical memory deduplication attacks in sandboxed javascript. In Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings (Vol. 9326, pp. 108-122). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9326). Springer Verlag Wien. https://doi.org/10.1007/978-3-319-24174-6_6

@inproceedings{8c90dbbc42e64719a28698296bc09214,
title = "Practical memory deduplication attacks in sandboxed javascript",
keywords = "Javascript-based attack, Memory deduplication, Side-channel attack, Website fingerprinting",
author = "Daniel Gruss and David Bidner and Stefan Mangard",
year = "2015",
month = "1",
day = "1",
doi = "10.1007/978-3-319-24174-6_6",
language = "English",
isbn = "9783319241739",
volume = "9326",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag Wien",
pages = "108--122",
booktitle = "Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings",

}
