A Study of Timing Side-Channel Attacks and Countermeasures on JavaScript and WebAssembly

Mohammad Erfan Mazaheri, Siavash Bayat Sarmadi, Farhad Taheri Ardakani
{"title":"A Study of Timing Side-Channel Attacks and Countermeasures on JavaScript and WebAssembly","authors":"Mohammad Erfan Mazaheri, Siavash Bayat Sarmadi, Farhad Taheri Ardakani","doi":"10.22042/ISECURE.2021.263565.599","DOIUrl":null,"url":null,"abstract":"Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main side-channel attack categories that use the time difference of running an operation in different states. Many powerful attacks can be classified into this type of attack, including cache attacks. The limitation of these attacks is the need to run the spy program on the victim's system. Various studies have tried to overcome this limitation by implementing these attacks remotely on JavaScript and WebAssembly. This paper provides the first comprehensive evaluation of timing side-channel attacks on JavaScript and investigates challenges and countermeasures to overcome these attacks. Moreover, by investigating the countermeasures and their strengths and weaknesses, we introduce a detection-based approach, called Lurking Eyes. Our approach has the least reduction in the performance of JavaScript and WebAssembly. The evaluation results show that the Lurking eyes have an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering these values and no limitations, this method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly. Also, we provide a new accurate timer, named Eagle timer, based on WebAssembly memory for implementing these attacks.","PeriodicalId":436674,"journal":{"name":"ISC Int. J. Inf. Secur.","volume":"48 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ISC Int. J. Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.22042/ISECURE.2021.263565.599","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

Abstract

Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main side-channel attack categories that use the time difference of running an operation in different states. Many powerful attacks can be classified into this type of attack, including cache attacks. The limitation of these attacks is the need to run the spy program on the victim's system. Various studies have tried to overcome this limitation by implementing these attacks remotely on JavaScript and WebAssembly. This paper provides the first comprehensive evaluation of timing side-channel attacks on JavaScript and investigates challenges and countermeasures to overcome these attacks. Moreover, by investigating the countermeasures and their strengths and weaknesses, we introduce a detection-based approach, called Lurking Eyes. Our approach has the least reduction in the performance of JavaScript and WebAssembly. The evaluation results show that the Lurking eyes have an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering these values and no limitations, this method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly. Also, we provide a new accurate timer, named Eagle timer, based on WebAssembly memory for implementing these attacks.
基于JavaScript和WebAssembly的定时侧信道攻击及对策研究
侧信道攻击是一组利用系统实现缺陷的强大的硬件安全攻击。定时侧信道攻击是利用操作在不同状态下运行的时间差进行攻击的主要侧信道攻击类型之一。许多强大的攻击都可以归类为这种类型的攻击,包括缓存攻击。这些攻击的限制是需要在受害者的系统上运行间谍程序。各种各样的研究试图通过在JavaScript和WebAssembly上远程实现这些攻击来克服这一限制。本文首次全面评估了JavaScript的定时侧信道攻击,并研究了克服这些攻击的挑战和对策。此外,通过研究对策及其优缺点,我们引入了一种基于检测的方法,称为潜伏的眼睛。我们的方法对JavaScript和WebAssembly的性能降低最小。评价结果表明,“潜伏眼”的准确度为0.998,精密度为0.983,F-measure为0.983。考虑到这些值并且没有限制,该方法可以作为对抗JavaScript和WebAssembly上的定时侧通道攻击的有效方法引入。此外,我们还提供了一个新的精确计时器,名为Eagle计时器,它基于WebAssembly内存来实现这些攻击。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信