Prime+Probe 1, JavaScript 0: Overcoming browser-based side-channel defenses
| dc.contributor.author | Shusterman, A. | |
| dc.contributor.author | Agarwal, A. | |
| dc.contributor.author | O'Connell, S. | |
| dc.contributor.author | Genkin, D. | |
| dc.contributor.author | Oren, Y. | |
| dc.contributor.author | Yarom, Y. | |
| dc.contributor.conference | 30th USENIX Security Symposium (11 Aug 2021 - 13 Aug 2021 : virtual online) | |
| dc.date.issued | 2021 | |
| dc.description | USENIX Association | |
| dc.description.abstract | The “eternal war in cache” has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks. To assess the effectiveness of this approach, in this work we seek to identify those JavaScript features which are essential for carrying out a cache-based attack. We develop a sequence of attacks with progressively decreasing dependency on JavaScript features, culminating in the first browser based side-channel attack which is constructed entirely from Cascading Style Sheets (CSS) and HTML, and works even when script execution is completely blocked. We then show that avoiding JavaScript features makes our techniques architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms including Intel Core, AMD Ryzen, Samsung Exynos, and Apple M1 architectures. As a final contribution, we evaluate our techniques in hardened browser environments including the Tor browser, Deter- Fox (Cao el al., CCS 2017), and Chrome Zero (Schwartz et al., NDSS 2018). We confirm that none of these approaches completely defend against our attacks. We further argue that the protections of Chrome Zero need to be more comprehensively applied, and that the performance and user experience of Chrome Zero will be severely degraded if this approach is taken. | |
| dc.description.statementofresponsibility | Anatoly Shusterman, Ayush Agarwal, Sioli O’Connell, Daniel Genkin, Yossi Oren, Yuval Yarom | |
| dc.identifier.citation | Proceedings of the 30th USENIX Security Symposium, 2021, pp.2863-2880 | |
| dc.identifier.isbn | 9781939133243 | |
| dc.identifier.orcid | Yarom, Y. [0000-0003-0401-4197] | |
| dc.identifier.uri | https://hdl.handle.net/2440/134256 | |
| dc.language.iso | en | |
| dc.publisher | USENIX Association | |
| dc.publisher.place | Berkeley, California, USA | |
| dc.relation.grant | http://purl.org/au-research/grants/arc/DE200101577 | |
| dc.relation.grant | http://purl.org/au-research/grants/arc/DP210102670 | |
| dc.rights | USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access. | |
| dc.source.uri | https://www.usenix.org/conference/usenixsecurity21/presentation/shusterman | |
| dc.title | Prime+Probe 1, JavaScript 0: Overcoming browser-based side-channel defenses | |
| dc.type | Conference paper | |
| pubs.publication-status | Published |
Files
Original bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- hdl_134256.pdf
- Size:
- 830.77 KB
- Format:
- Adobe Portable Document Format
- Description:
- Published version