• English
    • français
  • Help
  •  | 
  • Contact
  •  | 
  • About
  •  | 
  • Login
  • HAL portal
  •  | 
  • Pages Pro
  • EN
  •  / 
  • FR
View Item 
  •   LillOA Home
  • Liste des unités
  • Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
  • View Item
  •   LillOA Home
  • Liste des unités
  • Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Port Contention Goes Portable: Port ...
  • BibTeX
  • CSV
  • Excel
  • RIS

Document type :
Communication dans un congrès avec actes
DOI :
10.1145/3488932.3517411
Title :
Port Contention Goes Portable: Port Contention Side Channels in Web Browsers
Author(s) :
Rokicki, Thomas [Auteur]
Security & PrIvaCY [SPICY]
Maurice, Clementine [Auteur]
Self-adaptation for distributed services and large software systems [SPIRALS]
Botvinnik, Marina [Auteur]
Ben-Gurion University of the Negev [BGU]
Oren, Yossi [Auteur]
Ben-Gurion University of the Negev [BGU]
Conference title :
ASIA CCS '22 - ACM Asia Conference on Computer and Communications Security
City :
Nagasaki / Virtual
Country :
Japon
Start date of the conference :
2022-05-30
Publisher :
ACM
Publication date :
2022-05-30
English keyword(s) :
Side Channel
CPU Port Contention
JavaScript
WebAssembly
HAL domain(s) :
Informatique [cs]/Cryptographie et sécurité [cs.CR]
English abstract : [en]
Microarchitectural side-channel attacks can derive secrets from the execution of vulnerable programs. Their implementation in web browsers represents a considerable extension of their attack surface, as a user simply ...
Show more >
Microarchitectural side-channel attacks can derive secrets from the execution of vulnerable programs. Their implementation in web browsers represents a considerable extension of their attack surface, as a user simply browsing a malicious website, or even a malicious third-party advertisement in a benign cross-origin isolated website, can be a victim.In this paper, we present the first port contention side channel running entirely in a web browser, despite a highly challenging environment. Our attack can be used to build a cross-browser covert channel with a bit rate of 200 bit/s, one order of magnitude above the state of the art, and has a spatial resolution of 1024 native instructions in a side-channel attack, a performance on-par with Prime+Probe attacks. We provide a framework to evaluate the port contention caused by WebAssembly instructions on Intel processors, allowing to increase the portability of port contention side channels.We conclude from our work that port contention attacks are not only fast, they are also less susceptible to noise than cache attacks, and are immune to countermeasures implemented in browsers as well as most side channel countermeasures, which target the cache in their vast majority.Show less >
Language :
Anglais
Peer reviewed article :
Oui
Audience :
Internationale
Popular science :
Non
ANR Project :
Attaques sur la micro-architecture des systèmes ubiquitaires
Collections :
  • Centre de Recherche en Informatique, Signal et Automatique de Lille (CRIStAL) - UMR 9189
Source :
Harvested from HAL
Files
Thumbnail
  • https://hal.inria.fr/hal-03708833/document
  • Open access
  • Access the document
Thumbnail
  • https://hal.inria.fr/hal-03708833/document
  • Open access
  • Access the document
Thumbnail
  • https://hal.inria.fr/hal-03708833/document
  • Open access
  • Access the document
Université de Lille

Mentions légales
Université de Lille © 2017