Mohammad Erfan Mazaheri, Farhad Taheri, Siavash Bayat Sarmadi
{"title":"潜伏的眼睛:一种检测JavaScript和WebAssembly侧通道攻击的方法","authors":"Mohammad Erfan Mazaheri, Farhad Taheri, Siavash Bayat Sarmadi","doi":"10.1109/ISCISC51277.2020.9261920","DOIUrl":null,"url":null,"abstract":"Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main categories that employ the time difference of running an operation in different states. In recent years, many types of timing side-channel analysis are proposed under the name of cache attacks. The limitation of such attacks is the requirement of running a spy program locally on the targeted device. Various studies have tried to overcome this limitation by implementing timing side-channel attacks, specially cache attacks, remotely on JavaScript and WebAssembly. There are some countermeasures proposed by previous works at three levels of hardware, operating system, and software. The main approach in most of previous works is to prevent timing side-channel attacks by disabling the essential features of JavaScript. In this paper, we weight the pros and cons of the previous countermeasures and propose a novel detection-based approach, namely Lurking Eyes. The proposed approach has the least performance reduction in JavaScript and WebAssembly. The evaluation results show that the Lurking Eyes has an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering the evaluation results and fewer limitations compared to previous works, Lurking Eyes method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly.","PeriodicalId":206256,"journal":{"name":"2020 17th International ISC Conference on Information Security and Cryptology (ISCISC)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-09-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Lurking Eyes: A Method to Detect Side-Channel Attacks on JavaScript and WebAssembly\",\"authors\":\"Mohammad Erfan Mazaheri, Farhad Taheri, Siavash Bayat Sarmadi\",\"doi\":\"10.1109/ISCISC51277.2020.9261920\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main categories that employ the time difference of running an operation in different states. In recent years, many types of timing side-channel analysis are proposed under the name of cache attacks. The limitation of such attacks is the requirement of running a spy program locally on the targeted device. Various studies have tried to overcome this limitation by implementing timing side-channel attacks, specially cache attacks, remotely on JavaScript and WebAssembly. There are some countermeasures proposed by previous works at three levels of hardware, operating system, and software. The main approach in most of previous works is to prevent timing side-channel attacks by disabling the essential features of JavaScript. In this paper, we weight the pros and cons of the previous countermeasures and propose a novel detection-based approach, namely Lurking Eyes. The proposed approach has the least performance reduction in JavaScript and WebAssembly. The evaluation results show that the Lurking Eyes has an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering the evaluation results and fewer limitations compared to previous works, Lurking Eyes method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly.\",\"PeriodicalId\":206256,\"journal\":{\"name\":\"2020 17th International ISC Conference on Information Security and Cryptology (ISCISC)\",\"volume\":\"44 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-09-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 17th International ISC Conference on Information Security and Cryptology (ISCISC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCISC51277.2020.9261920\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 17th International ISC Conference on Information Security and Cryptology (ISCISC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCISC51277.2020.9261920","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Lurking Eyes: A Method to Detect Side-Channel Attacks on JavaScript and WebAssembly
Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main categories that employ the time difference of running an operation in different states. In recent years, many types of timing side-channel analysis are proposed under the name of cache attacks. The limitation of such attacks is the requirement of running a spy program locally on the targeted device. Various studies have tried to overcome this limitation by implementing timing side-channel attacks, specially cache attacks, remotely on JavaScript and WebAssembly. There are some countermeasures proposed by previous works at three levels of hardware, operating system, and software. The main approach in most of previous works is to prevent timing side-channel attacks by disabling the essential features of JavaScript. In this paper, we weight the pros and cons of the previous countermeasures and propose a novel detection-based approach, namely Lurking Eyes. The proposed approach has the least performance reduction in JavaScript and WebAssembly. The evaluation results show that the Lurking Eyes has an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering the evaluation results and fewer limitations compared to previous works, Lurking Eyes method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
