A Study of Timing Side-Channel Attacks and Countermeasures on JavaScript and WebAssembly

Mohammad Erfan Mazaheri, Siavash Bayat Sarmadi, Farhad Taheri Ardakani
{"title":"A Study of Timing Side-Channel Attacks and Countermeasures on JavaScript and WebAssembly","authors":"Mohammad Erfan Mazaheri, Siavash Bayat Sarmadi, Farhad Taheri Ardakani","doi":"10.22042/ISECURE.2021.263565.599","DOIUrl":null,"url":null,"abstract":"Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main side-channel attack categories that use the time difference of running an operation in different states. Many powerful attacks can be classified into this type of attack, including cache attacks. The limitation of these attacks is the need to run the spy program on the victim's system. Various studies have tried to overcome this limitation by implementing these attacks remotely on JavaScript and WebAssembly. This paper provides the first comprehensive evaluation of timing side-channel attacks on JavaScript and investigates challenges and countermeasures to overcome these attacks. Moreover, by investigating the countermeasures and their strengths and weaknesses, we introduce a detection-based approach, called Lurking Eyes. Our approach has the least reduction in the performance of JavaScript and WebAssembly. The evaluation results show that the Lurking eyes have an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering these values and no limitations, this method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly. Also, we provide a new accurate timer, named Eagle timer, based on WebAssembly memory for implementing these attacks.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ISC Int. J. Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.22042/ISECURE.2021.263565.599","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

Abstract

Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main side-channel attack categories that use the time difference of running an operation in different states. Many powerful attacks can be classified into this type of attack, including cache attacks. The limitation of these attacks is the need to run the spy program on the victim's system. Various studies have tried to overcome this limitation by implementing these attacks remotely on JavaScript and WebAssembly. This paper provides the first comprehensive evaluation of timing side-channel attacks on JavaScript and investigates challenges and countermeasures to overcome these attacks. Moreover, by investigating the countermeasures and their strengths and weaknesses, we introduce a detection-based approach, called Lurking Eyes. Our approach has the least reduction in the performance of JavaScript and WebAssembly. The evaluation results show that the Lurking eyes have an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering these values and no limitations, this method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly. Also, we provide a new accurate timer, named Eagle timer, based on WebAssembly memory for implementing these attacks.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于JavaScript和WebAssembly的定时侧信道攻击及对策研究
侧信道攻击是一组利用系统实现缺陷的强大的硬件安全攻击。定时侧信道攻击是利用操作在不同状态下运行的时间差进行攻击的主要侧信道攻击类型之一。许多强大的攻击都可以归类为这种类型的攻击,包括缓存攻击。这些攻击的限制是需要在受害者的系统上运行间谍程序。各种各样的研究试图通过在JavaScript和WebAssembly上远程实现这些攻击来克服这一限制。本文首次全面评估了JavaScript的定时侧信道攻击,并研究了克服这些攻击的挑战和对策。此外,通过研究对策及其优缺点,我们引入了一种基于检测的方法,称为潜伏的眼睛。我们的方法对JavaScript和WebAssembly的性能降低最小。评价结果表明,“潜伏眼”的准确度为0.998,精密度为0.983,F-measure为0.983。考虑到这些值并且没有限制,该方法可以作为对抗JavaScript和WebAssembly上的定时侧通道攻击的有效方法引入。此外,我们还提供了一个新的精确计时器,名为Eagle计时器,它基于WebAssembly内存来实现这些攻击。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
One-Shot Achievable Secrecy Rate Regions for Quantum Interference Wiretap Channel Quantum Multiple Access Wiretap Channel: On the One-Shot Achievable Secrecy Rate Regions Towards a Formal Approach for Detection of Vulnerabilities in the Android Permissions System Towards event aggregation for reducing the volume of logged events during IKC stages of APT attacks A Time Randomization-Based Countermeasure Against the Template Side-Channel Attack
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1