Microarchitectural Attacks and Defenses in JavaScript

Similar documents
Meltdown & Spectre. Side-channels considered harmful. Qualcomm Mobile Security Summit May, San Diego, CA. Moritz Lipp

Software-based Microarchitectural Attacks

Improving Loop-Gain Performance In Digital Power Supplies With Latest- Generation DSCs

Using Variable-MHz Microprocessors to Efficiently Handle Uncertainty in Real-Time Systems

How different FPGA firmware options enable digitizer platforms to address and facilitate multiple applications

Hello, and welcome to this presentation of the STM32 Digital Filter for Sigma-Delta modulators interface. The features of this interface, which

Optimal Clock Synchronization in Networks. Christoph Lenzen Philipp Sommer Roger Wattenhofer

The Nanokernel. David L. Mills University of Delaware 2-Aug-04 1

Transient Execution Attacks

Project 5: Optimizer Jason Ansel

Architectural Core Salvaging in a Multi-Core Processor for Hard-Error Tolerance

JS Lab 5 Due Thurs, Nov 30 (After Thanksgiving)

Game Architecture. 4/8/16: Multiprocessor Game Loops

icwaves Inspector Data Sheet

A fully digital clock and data recovery with fast frequency offset acquisition technique for MIPI LLI applications

Final Project: NOTE: The final project will be due on the last day of class, Friday, Dec 9 at midnight.

Data acquisition and Trigger (with emphasis on LHC)

Performance Evaluation of Recently Proposed Cache Replacement Policies

Design of Embedded Systems - Advanced Course Project

SV2C 28 Gbps, 8 Lane SerDes Tester

WAFTL: A Workload Adaptive Flash Translation Layer with Data Partition

Course Introduction. Content 20 pages 3 questions. Learning Time 30 minutes

Models 2601B, 2602B and 2604B

LV-Link 3.0 Software Interface for LabVIEW

DEEJAM: Defeating Energy-Efficient Jamming in IEEE based Wireless Networks

Wireless Sensor Networks

CiA Draft Standard Proposal 402. CANopen. Device Profile Drives and Motion Control. This draft standard proposal is not recommended for implementation

Enhancing System Architecture by Modelling the Flash Translation Layer

Models 2634B, 2635B and 2636B

Track and Vertex Reconstruction on GPUs for the Mu3e Experiment

The Xbox One System on a Chip and Kinect Sensor

Model 2651A Specifications

Microprocessor & Interfacing Lecture Programmable Interval Timer

ΕΠΛ 605: Προχωρημένη Αρχιτεκτονική

Data acquisition and Trigger (with emphasis on LHC)

GFT1504 4/8/10 channel Delay Generator

IVI STEP TYPES. Contents

Advances in Antenna Measurement Instrumentation and Systems

CS649 Sensor Networks IP Lecture 9: Synchronization

Nyquist filter FIFO. Amplifier. Impedance matching. 40 MHz sampling ADC. DACs for gain and offset FPGA. clock distribution (not yet implemented)

CS 354R: Computer Game Technology

Killzone Shadow Fall: Threading the Entity Update on PS4. Jorrit Rouwé Lead Game Tech, Guerrilla Games

Game Programming Paradigms. Michael Chung

Ramon Canal NCD Master MIRI. NCD Master MIRI 1

Table of Contents HOL ADV

Keysight Technologies PNA-X Series Microwave Network Analyzers

Designing with STM32F3x

GFT1012 2/4 Channel Precise Slave Generator

Using Signaling Rate and Transfer Rate

Fall 2015 COMP Operating Systems. Lab #7

2601 System SourceMeter 2602 Multi-Channel I-V Test Solutions

RANA: Towards Efficient Neural Acceleration with Refresh-Optimized Embedded DRAM

Product type designation. General information. Supply voltage

V-edge: Fast Self-constructive Power Modeling of Smartphones Based on Battery Voltage Dynamics

Digital Systems Design

Measuring Distance Using Sound

Supporting x86-64 Address Translation for 100s of GPU Lanes. Jason Power, Mark D. Hill, David A. Wood

dspic30f Quadrature Encoder Interface Module

Model 2635A/2636A System SourceMeter Specifications

Camera Test Protocol. Introduction TABLE OF CONTENTS. Camera Test Protocol Technical Note Technical Note

Evolution of DSP Processors. Kartik Kariya EE, IIT Bombay

Stress Testing the OpenSimulator Virtual World Server

Spartan Tetris. Sources. Concept. Design. Plan. Jeff Heckey ECE /12/13.

Traditional analog QDC chain and Digital Pulse Processing [1]

An Arduino-based DCC Accessory Decoder for Model Railroad Turnouts. Eric Thorstenson 11/1/17

Understanding OpenGL

Increasing Broadcast Reliability for Vehicular Ad Hoc Networks. Nathan Balon and Jinhua Guo University of Michigan - Dearborn

Lecture Topics. Announcements. Today: Memory Management (Stallings, chapter ) Next: continued. Self-Study Exercise #6. Project #4 (due 10/11)

ESM Calibration and Testing Using the Giga-tronics 2500B Series Microwave Signal Generators

AN EFFICIENT ALGORITHM FOR THE REMOVAL OF IMPULSE NOISE IN IMAGES USING BLACKFIN PROCESSOR

High Performance Imaging Using Large Camera Arrays

Live Agent for Administrators

NI 951x C Series Modules Object Dictionary

Analogue Interfacing. What is a signal? Continuous vs. Discrete Time. Continuous time signals

CAMAC products. CAEN Short Form Catalog Function Model Description Page

Wireless Sensor Network based Shooter Localization

Pulse Shape Analysis for a New Pixel Readout Chip

FIFO WITH OFFSETS HIGH SCHEDULABILITY WITH LOW OVERHEADS. RTAS 18 April 13, Björn Brandenburg

Introduction to Game Design. Truong Tuan Anh CSE-HCMUT

PACSystems* RX3i IC695MDL765

Hello, and welcome to this presentation of the FlexTimer or FTM module for Kinetis K series MCUs. In this session, you ll learn about the FTM, its

VR-Plugin. for Autodesk Maya.

Introduction to Real-Time Systems

VersaMax Mixed Discrete / High-Speed Counter Module

Time Synchronization in Acoustic Localization for

Reverse Auction Addon

Programming an Othello AI Michael An (man4), Evan Liang (liange)

Final Report: DBmbench

Contents. 2 qutag Manual

INTERFACING WITH INTERRUPTS AND SYNCHRONIZATION TECHNIQUES

Application Note Model 765 Pulse Generator for Semiconductor Applications

Extending and Using GNU Radio Performance Counters

Image Processing Architectures (and their future requirements)

Frequency Hopping Pattern Recognition Algorithms for Wireless Sensor Networks

QuickBuilder PID Reference

Live Agent for Administrators

products PC Control

UTILIZATION OF AN IEEE 1588 TIMING REFERENCE SOURCE IN THE inet RF TRANSCEIVER

Hardware - Software Interface

TAPR TICC Timestamping Counter Operation Manual. Introduction

Transcription:

Microarchitectural Attacks and Defenses in JavaScript Michael Schwarz, Daniel Gruss, Moritz Lipp 25.01.2018 www.iaik.tugraz.at 1 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Microarchitecture Microarchitecture... is not defined on the architectural state 2 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Microarchitecture Microarchitecture... is not defined on the architectural state should not be visible to software 2 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Microarchitecture Microarchitecture... is not defined on the architectural state should not be visible to software is hardware specific and not fully documented 2 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Microarchitecture Microarchitecture... is not defined on the architectural state should not be visible to software is hardware specific and not fully documented changes to some extend with new processor generations 2 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Microarchitectural Attacks Microarchitectural states can be used for attacks Cache state data access 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Microarchitectural Attacks Microarchitectural states can be used for attacks Cache state data access DRAM buffers data access 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Microarchitectural Attacks Microarchitectural states can be used for attacks Cache state data access DRAM buffers data access Interrupts keystrokes 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Microarchitectural Attacks Microarchitectural states can be used for attacks Cache state data access DRAM buffers data access Interrupts keystrokes Branch predictors program flow 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Microarchitectural Attacks Microarchitectural states can be used for attacks Cache state data access DRAM buffers data access Interrupts keystrokes Branch predictors program flow Timings data values 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Side-Channel Attacks Side-channel attacks exploit side effects of operations Microarchitectural attacks are usually side-channel attacks 4 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Side-Channel Attacks Side-channel attacks exploit side effects of operations Microarchitectural attacks are usually side-channel attacks Sensors user activity 4 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Side-Channel Attacks Side-channel attacks exploit side effects of operations Microarchitectural attacks are usually side-channel attacks Sensors user activity Timings data values, activity 4 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

One Important Component A core component of many such attacks: Timers 5 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

One Important Component A core component of many such attacks: Timers Side-channel attacks often require high-resolution timers 5 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

One Important Component A core component of many such attacks: Timers Side-channel attacks often require high-resolution timers Differences to measure are often in the range of nanoseconds or microseconds 5 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

One Important Component A core component of many such attacks: Timers Side-channel attacks often require high-resolution timers Differences to measure are often in the range of nanoseconds or microseconds Microarchitectural attacks usually require highest precision 5 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Attacks in JavaScript

First Side-Channel Attack First side-channel attack in JavaScript Stone et al. (2013): Pixel perfect timing attacks with HTML5 6 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

First Side-Channel Attack First side-channel attack in JavaScript Stone et al. (2013): Pixel perfect timing attacks with HTML5 Timing of various redraw events (e.g., visited state of links) 6 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

First Side-Channel Attack First side-channel attack in JavaScript Stone et al. (2013): Pixel perfect timing attacks with HTML5 Timing of various redraw events (e.g., visited state of links) SVG filter timing to extract individual pixels (already 2011) 6 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

First Side-Channel Attack First side-channel attack in JavaScript Stone et al. (2013): Pixel perfect timing attacks with HTML5 Timing of various redraw events (e.g., visited state of links) SVG filter timing to extract individual pixels (already 2011) High-resolution timer was available in browser 6 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

First Microarchitectural Attack First microarchitectural attack in JavaScript Oren et al. (2015): The Spy in the Sandbox 7 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

First Microarchitectural Attack First microarchitectural attack in JavaScript Oren et al. (2015): The Spy in the Sandbox Timing of memory accesses 7 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

First Microarchitectural Attack First microarchitectural attack in JavaScript Oren et al. (2015): The Spy in the Sandbox Timing of memory accesses Allows to determine whether data is cached or uncached 7 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

First Microarchitectural Attack First microarchitectural attack in JavaScript Oren et al. (2015): The Spy in the Sandbox Timing of memory accesses Allows to determine whether data is cached or uncached Possibility to infer info about other programs from browser 7 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

8 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Timers in JavaScript We need a high-resolution timer to measure such small differences 9 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Timers in JavaScript We need a high-resolution timer to measure such small differences Native: rdtsc - timestamp in CPU cycles 9 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Timers in JavaScript We need a high-resolution timer to measure such small differences Native: rdtsc - timestamp in CPU cycles JavaScript: performance.now() has the highest resolution 9 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Timers in JavaScript We need a high-resolution timer to measure such small differences Native: rdtsc - timestamp in CPU cycles JavaScript: performance.now() has the highest resolution performance.now() [...] represent times as floating-point numbers with up to microsecond precision. Mozilla Developer Network 9 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

...up to microsecond precision? 0 0 5 5 1 Firefox 36 10 1 10 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

...up to microsecond precision? 0 0 5 5 1 Edge 38 Firefox 36 10 1 10 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

...up to microsecond precision? 0 0 5 5 W3C standard 1 Edge 38 Firefox 36 10 1 10 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

...up to microsecond precision? 0 0 Firefox 37/Chrome/Safari 5 W3C standard 5 1 Edge 38 Firefox 36 10 1 10 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

...up to microsecond precision? 0 Tor 0 Firefox 37/Chrome/Safari 5 W3C standard 5 Edge 38 1 Firefox 36 10 1 105 1 10 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

...up to microsecond precision? Fuzzyfox 0 1 105 Tor 0 1 105 Firefox 37/Chrome/Safari 5 W3C standard 5 Edge 38 1 Firefox 36 10 1 10 3 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

New timer

We require a higher resolution Current precision is not sufficient to measure cycle differences 11 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

We require a higher resolution Current precision is not sufficient to measure cycle differences We have two possibilities 11 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

We require a higher resolution Current precision is not sufficient to measure cycle differences We have two possibilities Recover a higher resolution from the available timer 11 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

We require a higher resolution Current precision is not sufficient to measure cycle differences We have two possibilities Recover a higher resolution from the available timer Build our own high-resolution timer 11 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Clock interpolation Measure how often we can increment a variable between two timer ticks 12 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Clock interpolation Measure how often we can increment a variable between two timer ticks Average number of increments is the interpolation step 12 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Clock interpolation Measure how often we can increment a variable between two timer ticks Average number of increments is the interpolation step To measure with high resolution: 12 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Clock interpolation Measure how often we can increment a variable between two timer ticks Average number of increments is the interpolation step To measure with high resolution: Start measurement at clock edge 12 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Clock interpolation Measure how often we can increment a variable between two timer ticks Average number of increments is the interpolation step To measure with high resolution: Start measurement at clock edge Increment a variable until next clock edge 12 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Clock interpolation Measure how often we can increment a variable between two timer ticks Average number of increments is the interpolation step To measure with high resolution: Start measurement at clock edge Increment a variable until next clock edge Highly accurate: 500 ns (Firefox/Chrome), 15 µs (Tor) 12 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Edge thresholding We can get a higher resolution for a classifier only 13 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Edge thresholding We can get a higher resolution for a classifier only Often sufficient to see which of two functions takes longer 13 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Edge thresholding We can get a higher resolution for a classifier only Often sufficient to see which of two functions takes longer f slow f fast 13 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Edge thresholding We can get a higher resolution for a classifier only Often sufficient to see which of two functions takes longer f slow f fast Padding Padding Edge thresholding: apply padding such that the slow function crosses one more clock edge than the fast function. 13 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Edge thresholding percentage 100 50 0 87 100 82 13 18 0 0 0 0 unaligned aligned padded both correct f slow misclassified f fast misclassified 14 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Edge thresholding percentage 100 50 0 87 100 82 13 18 0 0 0 0 unaligned aligned padded both correct f slow misclassified f fast misclassified Yields nanosecond resolution 14 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Recovering resolution - Edge thresholding percentage 100 50 0 87 100 82 13 18 0 0 0 0 unaligned aligned padded both correct f slow misclassified f fast misclassified Yields nanosecond resolution Firefox/Tor (2 ns), Edge (10 ns), Chrome (15 ns) 14 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer Goal: counter that does not block main thread 15 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer Goal: counter that does not block main thread Baseline settimeout: 4 ms (except Edge: 2 ms) 15 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer Goal: counter that does not block main thread Baseline settimeout: 4 ms (except Edge: 2 ms) CSS animation: increase width of element as fast as possible 15 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer Goal: counter that does not block main thread Baseline settimeout: 4 ms (except Edge: 2 ms) CSS animation: increase width of element as fast as possible Width of element is timestamp 15 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer Goal: counter that does not block main thread Baseline settimeout: 4 ms (except Edge: 2 ms) CSS animation: increase width of element as fast as possible Width of element is timestamp However, animation is limited to 60 fps 16 ms 15 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker JavaScript can spawn new threads called web worker 16 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker JavaScript can spawn new threads called web worker Web worker communicate using message passing 16 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker JavaScript can spawn new threads called web worker Web worker communicate using message passing Let worker count and request timestamp in main thread 16 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker JavaScript can spawn new threads called web worker Web worker communicate using message passing Let worker count and request timestamp in main thread Multiple possibilities: postmessage, MessageChannel or BroadcastChannel 16 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker JavaScript can spawn new threads called web worker Web worker communicate using message passing Let worker count and request timestamp in main thread Multiple possibilities: postmessage, MessageChannel or BroadcastChannel Yields microsecond resolution (even on Tor and Fuzzyfox) 16 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker Experimental feature to share data: SharedArrayBuffer 17 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker Experimental feature to share data: SharedArrayBuffer Web worker can simultaneously read/write data 17 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker Experimental feature to share data: SharedArrayBuffer Web worker can simultaneously read/write data No message passing overhead 17 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker Experimental feature to share data: SharedArrayBuffer Web worker can simultaneously read/write data No message passing overhead One dedicated worker for incrementing the shared variable 17 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker Experimental feature to share data: SharedArrayBuffer Web worker can simultaneously read/write data No message passing overhead One dedicated worker for incrementing the shared variable Firefox/Fuzzyfox: 2 ns, Chrome: 15 ns 17 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Building a timer - Web worker Experimental feature to share data: SharedArrayBuffer Web worker can simultaneously read/write data No message passing overhead One dedicated worker for incrementing the shared variable Firefox/Fuzzyfox: 2 ns, Chrome: 15 ns Sufficient for microarchitectural attacks 17 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Timer evaluation Number of cases 300 200 100 cache hit cache miss 300 350 400 450 500 550 600 650 700 750 Access time [SharedArrayBuffer increments] 18 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Attack Requirements

Attack requirements Timers were always the main focus 19 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Attack requirements Timers were always the main focus Reducing timer resolution is not sufficient 19 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Attack requirements Timers were always the main focus Reducing timer resolution is not sufficient Timers can (always) be built 19 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Attack requirements Timers were always the main focus Reducing timer resolution is not sufficient Timers can (always) be built Some attacks do not require timers at all 19 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Attack requirements Timers were always the main focus Reducing timer resolution is not sufficient Timers can (always) be built Some attacks do not require timers at all Important to understand requirements before designing countermeasures 19 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Identify requirements Currently 11 microarchitectural and side-channel attacks in JavaScript 20 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Identify requirements Currently 11 microarchitectural and side-channel attacks in JavaScript Analyse requirements for every attack 20 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Identify requirements Currently 11 microarchitectural and side-channel attacks in JavaScript Analyse requirements for every attack Results in 5 categories 20 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Identify requirements Currently 11 microarchitectural and side-channel attacks in JavaScript Analyse requirements for every attack Results in 5 categories Memory addresses Accurate timing Multithreading Shared data Sensor API 20 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Identify requirements Currently 11 microarchitectural and side-channel attacks in JavaScript Analyse requirements for every attack Results in 5 categories Memory addresses Accurate timing Multithreading Shared data Sensor API Every attack is in at least one category 20 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Attacks and Categories Memory addresses Accurate timing Multithreading Shared data Sensor API Rowhammer.js Practical Memory Deduplication Attacks in Sandboxed Javascript Fantastic Timers and Where to Find Them ASLR on the Line The spy in the sandbox Loophole Pixel perfect timing attacks with HTML5 The clock is still ticking Practical Keystroke Timing Attacks in Sandboxed JavaScript TouchSignatures Stealing sensitive browser data with the W3C Ambient Light Sensor API If accurate timing is not available, it can be approximated using a combination of multithreading and shared data. 21 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses Language does not provide addresses to programmer 22 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses Language does not provide addresses to programmer Closest to virtual address: array indices 22 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses Language does not provide addresses to programmer Closest to virtual address: array indices ArrayBuffer is page aligned, leaks 12 bits of address 22 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses Language does not provide addresses to programmer Closest to virtual address: array indices ArrayBuffer is page aligned, leaks 12 bits of address If 2 MB backing pages are used, 21 bits of address known 22 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses Language does not provide addresses to programmer Closest to virtual address: array indices ArrayBuffer is page aligned, leaks 12 bits of address If 2 MB backing pages are used, 21 bits of address known If not page aligned: detect page faults through timing 22 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Accurate Timing Nearly all attacks require accurate timing 23 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Accurate Timing Nearly all attacks require accurate timing No absolute timestamps required, only time differences 23 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Accurate Timing Nearly all attacks require accurate timing No absolute timestamps required, only time differences Required accuracy varies between milliseconds and nanoseconds 23 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Accurate Timing Nearly all attacks require accurate timing No absolute timestamps required, only time differences Required accuracy varies between milliseconds and nanoseconds Such timers can be built if not available (e.g., message passing) 23 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Accurate Timing Nearly all attacks require accurate timing No absolute timestamps required, only time differences Required accuracy varies between milliseconds and nanoseconds Such timers can be built if not available (e.g., message passing) If attack is repeatable, less accurate timing can be sufficient 23 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Multithreading JavaScript introduced multi threading with web workers 24 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Multithreading JavaScript introduced multi threading with web workers Enables new side-channel attacks 24 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Multithreading JavaScript introduced multi threading with web workers Enables new side-channel attacks Dispatch latency of event queue allows to infer activity of other tabs 24 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Multithreading JavaScript introduced multi threading with web workers Enables new side-channel attacks Dispatch latency of event queue allows to infer activity of other tabs Endless loop in worker allows to detect hardware interrupts 24 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Usually no shared data between threads due to synchronization issues 25 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Usually no shared data between threads due to synchronization issues Exception: SharedArrayBuffer 25 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Usually no shared data between threads due to synchronization issues Exception: SharedArrayBuffer Only useful in combination with web workers 25 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Usually no shared data between threads due to synchronization issues Exception: SharedArrayBuffer Only useful in combination with web workers Allows to build timers with extremely high resolution (up to 1 ns) 25 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Usually no shared data between threads due to synchronization issues Exception: SharedArrayBuffer Only useful in combination with web workers Allows to build timers with extremely high resolution (up to 1 ns) Not enabled by default 25 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Sensor API Some side-channel attacks only require access to sensors 26 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Sensor API Some side-channel attacks only require access to sensors Several sensors are available in JavaScript 26 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Sensor API Some side-channel attacks only require access to sensors Several sensors are available in JavaScript Some require user consent, e.g., microphone 26 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Sensor API Some side-channel attacks only require access to sensors Several sensors are available in JavaScript Some require user consent, e.g., microphone Other can be used without user consent, e.g., ambient light 26 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Sensor API Some side-channel attacks only require access to sensors Several sensors are available in JavaScript Some require user consent, e.g., microphone Other can be used without user consent, e.g., ambient light There are attacks with these sensors 26 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Defenses

Countermeasures Countermeasures have to address all categories 27 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Countermeasures Countermeasures have to address all categories Should not be visible to the programmer 27 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Countermeasures Countermeasures have to address all categories Should not be visible to the programmer Implementation is on the microarchitectural level of JavaScript 27 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Countermeasures Countermeasures have to address all categories Should not be visible to the programmer Implementation is on the microarchitectural level of JavaScript If no category is usable for attacks anymore, future attacks are hard 27 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #1: Buffer ASLR 28 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #1: Buffer ASLR Ensure arrays are not page aligned 28 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #1: Buffer ASLR Ensure arrays are not page aligned Attacker cannot assume that least significant 12 bits are 0 28 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #1: Buffer ASLR Ensure arrays are not page aligned Attacker cannot assume that least significant 12 bits are 0 Only works for the first page 28 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #1: Buffer ASLR Ensure arrays are not page aligned Attacker cannot assume that least significant 12 bits are 0 Only works for the first page Consecutive page borders can be detected through page faults 28 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #2: Preloading Instead of lazy initialization for arrays, ensure that they are always memory backed 29 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #2: Preloading Instead of lazy initialization for arrays, ensure that they are always memory backed Attacker cannot detect page borders through page faults anymore 29 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #2: Preloading Instead of lazy initialization for arrays, ensure that they are always memory backed Attacker cannot detect page borders through page faults anymore Does not work if swapping or page deduplication is enabled 29 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #2: Preloading Instead of lazy initialization for arrays, ensure that they are always memory backed Attacker cannot detect page borders through page faults anymore Does not work if swapping or page deduplication is enabled Has to be combined with Buffer ASLR 29 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #3: Non-determinism For every array access, add another random access 30 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #3: Non-determinism For every array access, add another random access Makes page border detection infeasible without requiring significantly more memory 30 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #3: Non-determinism For every array access, add another random access Makes page border detection infeasible without requiring significantly more memory Attacker always times two accesses 30 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #3: Non-determinism For every array access, add another random access Makes page border detection infeasible without requiring significantly more memory Attacker always times two accesses Distinguishing cached from non-cached addresses is hard 30 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #4: Array Index Randomization Ensures arrays are not linear 31 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #4: Array Index Randomization Ensures arrays are not linear Use a random linear function to map array index to underlying buffer 31 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #4: Array Index Randomization Ensures arrays are not linear Use a random linear function to map array index to underlying buffer Index x maps to f (x) = ax + b mod n, where n is array length and a and b are randomly chosen 31 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses #4: Array Index Randomization Ensures arrays are not linear Use a random linear function to map array index to underlying buffer Index x maps to f (x) = ax + b mod n, where n is array length and a and b are randomly chosen Has to be combined with Buffer ASLR and either Preloading or Non-determinism 31 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses The four defenses prevent attackers from getting virtual and physical addresses 32 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses The four defenses prevent attackers from getting virtual and physical addresses Prevents many microarchitectural attacks 32 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses The four defenses prevent attackers from getting virtual and physical addresses Prevents many microarchitectural attacks Have to be combined for maximum security 32 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Memory Addresses The four defenses prevent attackers from getting virtual and physical addresses Prevents many microarchitectural attacks Have to be combined for maximum security Side effect: make exploits harder where addresses are required 32 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Accurate Timing Reducing the resolution of performance.now() is a first step 33 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Accurate Timing Reducing the resolution of performance.now() is a first step Only rounding the timestamps is not sufficient 33 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Accurate Timing Reducing the resolution of performance.now() is a first step Only rounding the timestamps is not sufficient Fuzzy time (Vattikonda et al.) adds random jitter 33 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Accurate Timing Reducing the resolution of performance.now() is a first step Only rounding the timestamps is not sufficient Fuzzy time (Vattikonda et al.) adds random jitter Timestamps are still monotonic, but clock edges are randomized 33 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Multithreading Only real solution is to prevent multithreading 34 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Multithreading Only real solution is to prevent multithreading We used a polyfill to not completely break websites 34 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Multithreading Only real solution is to prevent multithreading We used a polyfill to not completely break websites Some attacks can be prevented by adding random delays to postmessage 34 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Multithreading Only real solution is to prevent multithreading We used a polyfill to not completely break websites Some attacks can be prevented by adding random delays to postmessage Prevents certain timing primitives and attacks on the event-queue latency 34 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Best countermeasures: do not allow shared data 35 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Best countermeasures: do not allow shared data Many attacks are impossible without SharedArrayBuffer 35 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Best countermeasures: do not allow shared data Many attacks are impossible without SharedArrayBuffer Alternative: delay access to buffer 35 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Best countermeasures: do not allow shared data Many attacks are impossible without SharedArrayBuffer Alternative: delay access to buffer Still faster than message passing 35 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Shared Data Best countermeasures: do not allow shared data Many attacks are impossible without SharedArrayBuffer Alternative: delay access to buffer Still faster than message passing Degrades resolution of timing primitive to microseconds 35 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Sensor API Reduce resolution and update frequency of sensors 36 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Sensor API Reduce resolution and update frequency of sensors Sensor APIs should always ask user for permission 36 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Sensor API Reduce resolution and update frequency of sensors Sensor APIs should always ask user for permission Every sensor is usable for attacks, even ambient light sensor 36 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Sensor API Reduce resolution and update frequency of sensors Sensor APIs should always ask user for permission Every sensor is usable for attacks, even ambient light sensor To not break existing applications, sensors return constant value 36 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Implementation

Designing the Countermeasure Best solution is to implement defenses in the browser core 37 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work 37 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work We want a generic solution for multiple browsers 37 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work We want a generic solution for multiple browsers Parsing JavaScript is hard 37 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work We want a generic solution for multiple browsers Parsing JavaScript is hard Implementation in JavaScript Virtual machine layering 37 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Designing the Countermeasure Best solution is to implement defenses in the browser core Maintaining a browser fork is hard work We want a generic solution for multiple browsers Parsing JavaScript is hard Implementation in JavaScript Virtual machine layering Proof-of-concept is implemented as browser extension 37 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

User Experience Some defenses might impair user experience, e.g., disable multithreading 38 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

User Experience Some defenses might impair user experience, e.g., disable multithreading The user can choose one of several pre-defined protection levels 38 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

User Experience Some defenses might impair user experience, e.g., disable multithreading The user can choose one of several pre-defined protection levels Protection levels apply different combinations of defenses 38 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

User Experience Some defenses might impair user experience, e.g., disable multithreading The user can choose one of several pre-defined protection levels Protection levels apply different combinations of defenses Each defense can either be disabled, enabled, or require user permission 38 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Virtual Machine Layering Functions and properties are replaced by wrappers Page Context Script Extension Context Return Call Wrapper Call Filtered value Default value Allowed? Yes Original Function No 39 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Virtual Machine Layering Functions can be re-defined in JavaScript var o r i g i n a l r e f e r e n c e = window. performance. now ; window. performance. now = function ( ) { return 0 ; } ; 40 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Virtual Machine Layering Functions can be re-defined in JavaScript var o r i g i n a l r e f e r e n c e = window. performance. now ; window. performance. now = function ( ) { return 0 ; } ; // call the new function (via function name) a l e r t ( window. performance. now ( ) ) ; // == alert(0) 40 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Virtual Machine Layering Functions can be re-defined in JavaScript var o r i g i n a l r e f e r e n c e = window. performance. now ; window. performance. now = function ( ) { return 0 ; } ; // call the new function (via function name) a l e r t ( window. performance. now ( ) ) ; // == alert(0) // call the original function (only via reference) a l e r t ( o r i g i n a l r e f e r e n c e. c a l l ( window. performance ) ) ; 40 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Virtual Machine Layering Functions can be re-defined in JavaScript var o r i g i n a l r e f e r e n c e = window. performance. now ; window. performance. now = function ( ) { return 0 ; } ; // call the new function (via function name) a l e r t ( window. performance. now ( ) ) ; // == alert(0) // call the original function (only via reference) a l e r t ( o r i g i n a l r e f e r e n c e. c a l l ( window. performance ) ) ; Properties can be replaced by accessor properties 40 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Virtual Machine Layering for Objects Objects are proxied new Object Methods Script Proxy(Object) Filter Methods Object 41 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Virtual Machine Layering for Objects Objects are proxied new Object Methods Script Proxy(Object) Filter Methods Object All properties and functions are handled by the original object 41 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Virtual Machine Layering for Objects Objects are proxied new Object Methods Script Proxy(Object) Filter Methods Object All properties and functions are handled by the original object Functions and properties can be overwritten in the proxy object 41 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Self Protection Attacker tries to circumvent JavaScript Zero 42 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Self Protection Attacker tries to circumvent JavaScript Zero Self protection is necessary if implemented in JavaScript 42 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Self Protection Attacker tries to circumvent JavaScript Zero Self protection is necessary if implemented in JavaScript Use closures to hide all references to original functions ( function ( ) { // original is only accessible in this scope var o r i g i n a l = window. performance. now ; window. performance. now =... } ) ( ) ; 42 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Self Protection Attacker tries to circumvent JavaScript Zero Self protection is necessary if implemented in JavaScript Use closures to hide all references to original functions ( function ( ) { // original is only accessible in this scope var o r i g i n a l = window. performance. now ; window. performance. now =... } ) ( ) ; Prevent objects from being modified: Object.freeze 42 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Evaluation

Page Border Detection Border of pages leak 12 or 21 bits (depending on page size) 43 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Page Border Detection Border of pages leak 12 or 21 bits (depending on page size) Create huge array 43 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Page Border Detection Border of pages leak 12 or 21 bits (depending on page size) Create huge array Iterate over array, measure access time 43 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Page Border Detection Border of pages leak 12 or 21 bits (depending on page size) Create huge array Iterate over array, measure access time Page border raise pagefault, taking significantly longer to access 43 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Page Border Detection Access time [cycles] 1 105 0.5 0 0 0.2 0.4 0.6 0.8 1 1.2 Array offset [KB] 10 4 44 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Page Border Detection with Random Access Access time [cycles] 1 105 0.5 0 0 1,000 2,000 3,000 4,000 5,000 Array offset [KB] 45 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Prime+Probe Find addresses (= array indices) that fall into same cache set 46 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Prime+Probe Find addresses (= array indices) that fall into same cache set Physical address defines in which cache set the data is cached 46 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Prime+Probe Find addresses (= array indices) that fall into same cache set Physical address defines in which cache set the data is cached Enough addresses in one set evicts the set (Prime) 46 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Prime+Probe Find addresses (= array indices) that fall into same cache set Physical address defines in which cache set the data is cached Enough addresses in one set evicts the set (Prime) Iterate again over addresses (Probe) 46 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Prime+Probe Find addresses (= array indices) that fall into same cache set Physical address defines in which cache set the data is cached Enough addresses in one set evicts the set (Prime) Iterate again over addresses (Probe) If it is fast, they are still cached 46 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Prime+Probe Find addresses (= array indices) that fall into same cache set Physical address defines in which cache set the data is cached Enough addresses in one set evicts the set (Prime) Iterate again over addresses (Probe) If it is fast, they are still cached If it is slow, someone used this cache set and evicted our addresses 46 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Prime+Probe 47 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Prime+Probe with Random Access 48 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Interrupt Detection Multithreading allows to detect interrupts 49 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Interrupt Detection Multithreading allows to detect interrupts Endless loop which counts number of increments in time window 49 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Interrupt Detection Multithreading allows to detect interrupts Endless loop which counts number of increments in time window Different number of increments indicate interrupt 49 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Interrupt Detection Multithreading allows to detect interrupts Endless loop which counts number of increments in time window Different number of increments indicate interrupt Fuzzy time prevents deterministic equally-sized time window 49 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Interrupt Detection Delta [counter] 1,850 1,800 1,750 tap tap tap tap 1,700 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Runtime [s] 50 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Interrupt Detection with Fuzzy Time Delta [counter] 900 800 700 tap tap tap tap 600 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 Runtime [s] 51 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Event Queue Spying Messages between web workers are handled in the event queue 52 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Event Queue Spying Messages between web workers are handled in the event queue User activity is also handled in the event queue 52 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Event Queue Spying Messages between web workers are handled in the event queue User activity is also handled in the event queue Posting many messages allows to measure latency 52 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Event Queue Spying Messages between web workers are handled in the event queue User activity is also handled in the event queue Posting many messages allows to measure latency Latency indicates user input 52 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Event Queue Spying Delta [ms] 1.5 2 0.5 1 0 2,560 2,570 2,580 2,590 2,600 2,610 2,620 2,630 2,640 Runtime [ms] 53 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Event Queue Spying with Message Delay Delta [ms] 3 2 1 0 2,860 2,870 2,880 2,890 2,900 2,910 2,920 2,930 2,940 Runtime [ms] 54 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

SharedArrayBuffer Timing Primitive SharedArrayBuffer allows to build a timing primitive with the highest resolution 55 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

SharedArrayBuffer Timing Primitive SharedArrayBuffer allows to build a timing primitive with the highest resolution One web worker continuously increments variable in the shared array 55 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

SharedArrayBuffer Timing Primitive SharedArrayBuffer allows to build a timing primitive with the highest resolution One web worker continuously increments variable in the shared array Other worker uses this as a timestamp 55 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

SharedArrayBuffer Timing Primitive SharedArrayBuffer allows to build a timing primitive with the highest resolution One web worker continuously increments variable in the shared array Other worker uses this as a timestamp Adding random delay to access degrades resolution 55 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

SharedArrayBuffer 56 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

SharedArrayBuffer with Random Delay 57 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Defense Prevents Rowham- Page Dedu- DRAM Covert Anti- Cache Keystroke Browser mer.js plication Channel ASLR Eviction Timing Buffer ASLR Array preloading Non-deterministic array Array index randomization Low-resolution timestamp Fuzzy time * * * * WebWorker polyfill Message delay Slow SharedArrayBuffer No SharedArrayBuffer * * * * Summary Symbols indicate whether a policy fully prevents an attack, ( ), partly prevents and attack by making it more difficult ( ), or does not prevent an attack ( ). A star (*) indicates that all policies marked with a star must be combined to prevent an attack. 58 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

User Experience 59 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Conclusion Just rounding timers is not sufficient 60 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Conclusion Just rounding timers is not sufficient Multithreading and shared data allow to build new timers 60 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Conclusion Just rounding timers is not sufficient Multithreading and shared data allow to build new timers Microarchitectural attacks in the browser are possible at the moment 60 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Conclusion Just rounding timers is not sufficient Multithreading and shared data allow to build new timers Microarchitectural attacks in the browser are possible at the moment Efficient countermeasures can be implemented in browsers 60 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

Conclusion Just rounding timers is not sufficient Multithreading and shared data allow to build new timers Microarchitectural attacks in the browser are possible at the moment Efficient countermeasures can be implemented in browsers More microarchitectural attacks in JavaScript will appear 60 Michael Schwarz, Daniel Gruss, Moritz Lipp www.iaik.tugraz.at

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback