Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines

In this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel...

Full description

Bibliographic Details
Main Author: Booth, Jo
Format: Others
Language:en
Published: Harvard University 2015
Subjects:
Online Access:http://nrs.harvard.edu/urn-3:HUL.InstRepos:17417578
id ndltd-harvard.edu-oai-dash.harvard.edu-1-17417578
record_format oai_dc
spelling ndltd-harvard.edu-oai-dash.harvard.edu-1-174175782017-07-27T15:51:33ZNot So Incognito: Exploiting Resource-Based Side Channels in JavaScript EnginesBooth, JoComputer ScienceIn this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel are presented. The platform independence of this attack is established, and the implications of the attack for web security are discussed. An implementation of the attack utilizing classification via machine learning techniques is presented and evaluated. Several mitigation strategies for eliminating the threat are then proposed.Computer Science2015-07-16T16:26:22Z2015-052015-06-262015Thesis or Dissertationtextapplication/pdfBooth, Jo. 2015. Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines. Bachelor's thesis, Harvard College.http://nrs.harvard.edu/urn-3:HUL.InstRepos:17417578enclosed accessHarvard University
collection NDLTD
language en
format Others
sources NDLTD
topic Computer Science
spellingShingle Computer Science
Booth, Jo
Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
description In this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel are presented. The platform independence of this attack is established, and the implications of the attack for web security are discussed. An implementation of the attack utilizing classification via machine learning techniques is presented and evaluated. Several mitigation strategies for eliminating the threat are then proposed. === Computer Science
author Booth, Jo
author_facet Booth, Jo
author_sort Booth, Jo
title Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
title_short Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
title_full Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
title_fullStr Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
title_full_unstemmed Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
title_sort not so incognito: exploiting resource-based side channels in javascript engines
publisher Harvard University
publishDate 2015
url http://nrs.harvard.edu/urn-3:HUL.InstRepos:17417578
work_keys_str_mv AT boothjo notsoincognitoexploitingresourcebasedsidechannelsinjavascriptengines
_version_ 1718507032208736256