Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
In this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel...
| Main Author: | |
|---|---|
| Format: | Others |
| Language: | en |
| Published: |
Harvard University
2015
|
| Subjects: | |
| Online Access: | http://nrs.harvard.edu/urn-3:HUL.InstRepos:17417578 |
| Summary: | In this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel are presented. The platform independence of this attack is established, and the implications of the attack for web security are discussed. An implementation of the attack utilizing classification via machine learning techniques is presented and evaluated. Several mitigation strategies for eliminating the threat are then proposed. === Computer Science |
|---|