Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
In this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel...
Main Author: | |
---|---|
Format: | Others |
Language: | en |
Published: |
Harvard University
2015
|
Subjects: | |
Online Access: | http://nrs.harvard.edu/urn-3:HUL.InstRepos:17417578 |
id |
ndltd-harvard.edu-oai-dash.harvard.edu-1-17417578 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-harvard.edu-oai-dash.harvard.edu-1-174175782017-07-27T15:51:33ZNot So Incognito: Exploiting Resource-Based Side Channels in JavaScript EnginesBooth, JoComputer ScienceIn this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel are presented. The platform independence of this attack is established, and the implications of the attack for web security are discussed. An implementation of the attack utilizing classification via machine learning techniques is presented and evaluated. Several mitigation strategies for eliminating the threat are then proposed.Computer Science2015-07-16T16:26:22Z2015-052015-06-262015Thesis or Dissertationtextapplication/pdfBooth, Jo. 2015. Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines. Bachelor's thesis, Harvard College.http://nrs.harvard.edu/urn-3:HUL.InstRepos:17417578enclosed accessHarvard University |
collection |
NDLTD |
language |
en |
format |
Others
|
sources |
NDLTD |
topic |
Computer Science |
spellingShingle |
Computer Science Booth, Jo Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines |
description |
In this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel are presented. The platform independence of this attack is established, and the implications of the attack for web security are discussed. An implementation of the attack utilizing classification via machine learning techniques is presented and evaluated. Several mitigation strategies for eliminating the threat are then proposed. === Computer Science |
author |
Booth, Jo |
author_facet |
Booth, Jo |
author_sort |
Booth, Jo |
title |
Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines |
title_short |
Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines |
title_full |
Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines |
title_fullStr |
Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines |
title_full_unstemmed |
Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines |
title_sort |
not so incognito: exploiting resource-based side channels in javascript engines |
publisher |
Harvard University |
publishDate |
2015 |
url |
http://nrs.harvard.edu/urn-3:HUL.InstRepos:17417578 |
work_keys_str_mv |
AT boothjo notsoincognitoexploitingresourcebasedsidechannelsinjavascriptengines |
_version_ |
1718507032208736256 |