• English
    • français
  • Help
  •  | 
  • Contact
  •  | 
  • About
  •  | 
  • Login
  • HAL portal
  •  | 
  • Pages Pro
  • EN
  •  / 
  • FR
View Item 
  •   LillOA Home
  • Liste des unités
  • Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
  • View Item
  •   LillOA Home
  • Liste des unités
  • Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

SoK: In Search of Lost Time: A Review of ...
  • BibTeX
  • CSV
  • Excel
  • RIS

Document type :
Communication dans un congrès avec actes
Permalink :
http://hdl.handle.net/20.500.12210/56984
Title :
SoK: In Search of Lost Time: A Review of JavaScript Timers in Browsers
Author(s) :
Rokicki, Thomas [Auteur]
Embedded Security and Cryptography / Sécurité cryptographie embarquée [EMSEC]
Maurice, Clementine [Auteur]
Self-adaptation for distributed services and large software systems [SPIRALS]
Laperdrix, Pierre [Auteur]
Self-adaptation for distributed services and large software systems [SPIRALS]
Conference title :
6th IEEE European Symposium on Security and Privacy (EuroS&P'21)
City :
Vienna
Country :
Autriche
Start date of the conference :
2021-09-06
HAL domain(s) :
Informatique [cs]/Cryptographie et sécurité [cs.CR]
English abstract : [en]
JavaScript-based timing attacks have been greatly explored over the last few years. They rely on subtle timing differences to infer information that should not be available inside of the JavaScript sandbox. In reaction to ...
Show more >
JavaScript-based timing attacks have been greatly explored over the last few years. They rely on subtle timing differences to infer information that should not be available inside of the JavaScript sandbox. In reaction to these attacks, the W3C and browser vendors have implemented several countermeasures, with an important focus on JavaScript timers. However, as these attacks multiplied in the last years, so did the countermeasures, in a cat-and-mouse game fashion. In this paper, we present the evolution and current situation of timing attacks in browsers, as well as statistical tools to characterize available timers. Our goal is to present a clear view of the attack surface and understand: what are the main prerequisites and classes of browser-based timing attacks and what are the main countermeasures. We focus on determining to what extent the changes on timing-based countermeasures impact browser security. In particular, we show that the shift in protecting against transient execution attacks has re-enabled other attacks such as microarchitectural side-channel attacks with a higher bandwidth than what was possible just two years ago.Show less >
Language :
Anglais
Peer reviewed article :
Oui
Audience :
Internationale
Popular science :
Non
ANR Project :
Attaques sur la micro-architecture des systèmes ubiquitaires
Collections :
  • Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
Source :
Harvested from HAL
Submission date :
2021-11-13T02:34:45Z
Files
Thumbnail
  • https://hal.inria.fr/hal-03215569/document
  • Open access
  • Access the document
Université de Lille

Mentions légales
Université de Lille © 2017