loophole timing attacks on shared event loops in chrome
play

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila - PowerPoint PPT Presentation

Nov 30, 2023 •553 likes •1.2k views

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila and Boris Kpf vwzq.net @cgvwzq github.com/cgvwzq EVENT DRIVEN PROGRAMMING SO HOT RIGHT NOW EVENT DRIVEN PROGRAMMING SO HOT RIGHT NOW Source:

  1. Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila and Boris Köpf vwzq.net @cgvwzq github.com/cgvwzq

  2. EVENT DRIVEN PROGRAMMING SO HOT RIGHT NOW

  3. EVENT DRIVEN PROGRAMMING SO HOT RIGHT NOW

  4. Source: http://berb.github.io/diploma-thesis/original/042_serverarch.html

  5. We exploit 2 different shared Event Loops in Chrome:

  6. We exploit 2 different shared Event Loops in Chrome: I/O’s of the Host Process Main thread’s of Renderers

  7. We exploit 2 different shared Event Loops in Chrome: I/O’s of the Host Process Main thread’s of Renderers And implement 3 different attacks:

  8. We exploit 2 different shared Event Loops in Chrome: I/O’s of the Host Process Main thread’s of Renderers And implement 3 different attacks: Page Identification

  9. We exploit 2 different shared Event Loops in Chrome: I/O’s of the Host Process Main thread’s of Renderers And implement 3 different attacks: Page Identification Inter-keystroke Timing 10.00 4.00 2.00 1.00 0.40 0.20 0.10 0.06 0.04 0.02 19780.000 19785.000 19790.000 19795.000 19800.000

  10. We exploit 2 different shared Event Loops in Chrome: I/O’s of the Host Process Main thread’s of Renderers And implement 3 different attacks: Page Identification Covert Channel Inter-keystroke Timing 10.00 4.00 2.00 1.00 0.40 0.20 0.10 0.06 0.04 0.02 19780.000 19785.000 19790.000 19795.000 19800.000

  12. Shared Event Loop FIFO queue Dispatcher time

  13. Shared Event Loop FIFO queue e 0 Dispatcher time

  14. Shared Event Loop FIFO queue Dispatcher time e 0

  15. Shared Event Loop FIFO queue e 1 Dispatcher time e 0

  16. Shared Event Loop FIFO queue e 1 e 0 Dispatcher time

  17. Shared Event Loop FIFO queue e 0 Dispatcher time e 1

  18. Shared Event Loop FIFO queue e 2 e 0 Dispatcher time e 1

  19. Shared Event Loop FIFO queue e 2 e 0 e 1 Dispatcher time

  20. Shared Event Loop FIFO queue e 2 e 0 e 1 Dispatcher time

  21. Shared Event Loop FIFO queue e 0 e 1 Dispatcher time e 2

  22. Shared Event Loop FIFO queue e 0 e 1 Dispatcher time e 2

  23. Shared Event Loop FIFO queue e 3 e 0 e 1 Dispatcher time e 2

  24. Shared Event Loop FIFO queue e 3 e 0 e 1 e 2 Dispatcher time

  25. Shared Event Loop FIFO queue e 3 e 0 e 1 e 2 Dispatcher time

  26. Shared Event Loop FIFO queue e 3 e 0 e 1 e 2 Dispatcher time

  27. Shared Event Loop FIFO queue e 0 e 1 e 2 Dispatcher time e 3

  28. Shared Event Loop FIFO queue e 4 e 0 e 1 e 2 Dispatcher time e 3

  29. Shared Event Loop FIFO queue e 4 e 0 e 1 e 2 e 3 Dispatcher time

  30. Shared Event Loop FIFO queue e 0 e 1 e 2 e 3 Dispatcher time e 4

  31. Shared Event Loop FIFO queue e 0 e 1 e 2 e 3 e 4 Dispatcher time

  32. Shared Event Loop FIFO queue d 0 d 1 d 2 d 3 e 0 e 1 e 2 e 3 e 4 Dispatcher time

  33. Shared Event Loop Event-delay trace FIFO queue d 0 d 1 d 2 d 3 e 0 e 1 e 2 e 3 e 4 Dispatcher time

  34. SYSTEM/INTERNET

  35. SYSTEM/INTERNET HOST PROCESS

  36. SYSTEM/INTERNET • NETWORK REQUESTS HOST PROCESS • IPC COMMUNICATION • DISPATCHES USER ACTIONS

  37. SYSTEM/INTERNET • NETWORK REQUESTS HOST PROCESS • IPC COMMUNICATION • DISPATCHES USER ACTIONS SHARED BETWEEN ALL RENDERERS

  38. SYSTEM/INTERNET HOST PROCESS RENDERER 1 RENDERER N tab1 | trusted.com tab 2 |

  39. SYSTEM/INTERNET HOST PROCESS SANDBOXED 
 PROCESSES RENDERER 1 RENDERER N tab1 | trusted.com tab 2 |

  40. SYSTEM/INTERNET HOST PROCESS RENDERER 1 RENDERER N tab1 | trusted.com tab 2 | evil.com

  41. Spying on the Host <script> 
 function loop () { save(performance.now()); fetch( new Request("http://0/")) . catch (loop); } loop(); </script> Timing resolution of ~500 μ s

  42. Spying on the Host <script> 
 function loop () { save(performance.now()); fetch( new Request("http://0/")) . catch (loop); } loop(); </script> Timing resolution of ~500 μ s With some smarter techniques we obtain <100 μ s 
 (see the paper)

  43. SYSTEM/INTERNET HOST PROCESS RENDERER 1 tab1 | trusted.com

  44. SYSTEM/INTERNET HOST PROCESS RENDERER 1 tab1 | trusted.com • JAVASCRIPT EXECUTION • RESOURCE PARSING • LAYOUT & RENDERING

  45. SYSTEM/INTERNET HOST PROCESS RENDERER 1 tab1 | trusted.com SHARED BETWEEN IFRAMES, POPUPS, iframe | MAX #RENDERER EXCEEDED…

  46. SYSTEM/INTERNET HOST PROCESS RENDERER 1 tab1 | trusted.com iframe | evil.co

  47. Spying on the Renderer <script> 
 function loop() { save(performance.now()); self.postMessage(0, "*"); } self.onmessage = loop; loop(); </script> Timing resolution of <25 μ s

  48. 
 
 Duration of Events μ -arch Mouse GC JS event events ? loop() movement scavenge handlers <5 μ s … 25 μ s 100 μ s <1 ms >2 ms

  49. 
 
 Duration of Events μ -arch Mouse GC JS event events ? loop() movement scavenge handlers <5 μ s … 25 μ s 100 μ s <1 ms >2 ms Good vs. badly coded web pages

  50. Web Page Identification & Inter-keystroke Timing

  51. Web Page Identification Monitor the EventLoop while page loading

  52. Dynamic Time Warping DTW is resistant to delays in the occurrence of events

  53. Dynamic Time Warping DTW is resistant to delays in the occurrence of events 2-4 seconds of measuring

  54. Dynamic Time Warping DTW is resistant to delays in the occurrence of events 2-4 seconds of One trace for measuring training

  55. Web Page Identification 500 pages x 30 traces x 3 machines x 2 event loops 75% Renderer’s main thread: (Linux desktop) 23% Host’s I/O thread: (Macbook Pro) (recognition rates below 5% across machines) R-library and datasets: 
 https://github.com/cgvwzq/rlang-loophole

  56. Inter-keystroke Timing 10.00 4.00 2.00 1.00 0.40 0.20 0.10 0.06 0.04 0.02 19780.000 19785.000 19790.000 19795.000 19800.000 19805.000 We obtain the password length and 
 time between consecutive pressed keys

  57. Inter-keystroke Timing 10.000 passwords 90% accuracy precision: σ = 6.1 ms

  58. Inter-keystroke Timing 10.000 passwords 90% accuracy precision: σ = 6.1 ms More precision than network based attacks. Less noise than in micro-architectural attacks. No privileges. No training.

  59. Countermeasures • Reduce clock resolution • Site Isolation Project • CPU Throttling

  60. Countermeasures • Reduce clock resolution • Site Isolation Project • CPU Throttling

  61. Conclusions • Shared event loops in Chrome are vulnerable to timing side-channels • We systematically study how this channel can be used for different attacks • Fundamental design issues that need to be addressed

  62. Thank you! :) Questions? 62

  63. You can visualise the congestion of event loops with our LoopScan tool https://github.com/cgvwzq/loopscan

Recommend

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila &amp; Boris Kpf IMDEA

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila &amp; Boris Kpf IMDEA

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila &amp; Boris Kpf IMDEA Software Institute About me Im Pepe @cgvwzq http://vwzq.net/ Some notes about Chrome Chrome was a blackbox for me. Its code base is immense.

622 views • 38 slides
Loophole Timing Attacks on Shared Event Loops in Chrome Pepe Vila November 22, 2016 Pepe Vila

Loophole Timing Attacks on Shared Event Loops in Chrome Pepe Vila November 22, 2016 Pepe Vila

Loophole Timing Attacks on Shared Event Loops in Chrome Pepe Vila November 22, 2016 Pepe Vila Loophole November 22, 2016 1 / 22 Introduction Event-driven programming Event loops A timing side-channel on event loops Pepe Vila Loophole

996 views • 51 slides
Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila and Boris Kpf vwzq.net

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila and Boris Kpf vwzq.net

Loophole: Timing Attacks on Shared Event Loops in Chrome Pepe Vila and Boris Kpf vwzq.net @cgvwzq github.com/cgvwzq DISCLAIMER: CRYPTACUS DISCLAIMER: CRYPTACUS DISCLAIMER: CRYPTACUS (its funny because its very ubiquitous)

1.05k views • 62 slides
5. Note two things, the box now says, Added to Chrome. Notice the Blue box with an S (for Snagit)

5. Note two things, the box now says, Added to Chrome. Notice the Blue box with an S (for Snagit)

Snagit for Google Chrome: Instructions IMPORTANT. You will need to be in Chrome and Not on Chrome for this app to work. (go to Chrome first, then go to whatever site you plan to screencast.) 1. Open Chrome, Type in Snagit for Chrome.

184 views • 3 slides
Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing attacks important? Clarifications Zero-One Gap / Neighborhood Size etc. Problems Questions Extensions Contribution Discussion

645 views • 26 slides
The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen,

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen,

The Clock is Still Ticking: Timing Attacks in the Modern Web Tom Van Goethem, Wouter Joosen, Nick Nikiforakis Background: Timing attacks Introduced by Felten et al. in 2000. A side-channel attack analyzing the time that it takes to a

642 views • 21 slides
To view this event we advise you to use the following browsers. DESKTOP: we support Chrome,

To view this event we advise you to use the following browsers. DESKTOP: we support Chrome,

To view this event we advise you to use the following browsers. DESKTOP: we support Chrome, Firefox, Safari and Edge. Here are the minimum version requirements for each browser: Chrome 55+, Firefox 53+, Safari 12.1+, Edge 42 MOBILE: we have native

882 views • 51 slides
Event Loops in Practice July 19, 2017 Review Quiz Which of these is not a common method for

Event Loops in Practice July 19, 2017 Review Quiz Which of these is not a common method for

Event Loops in Practice July 19, 2017 Review Quiz Which of these is not a common method for speeding up an application? A. Threading B. Forking / Subprocesses C. Compression / Gzipping D. Event Loops / Async programming What is a benefit

352 views • 21 slides
Improving the QEMU Event Loop Fam Zheng Red Hat KVM Forum 2015 Agenda The event loops in

Improving the QEMU Event Loop Fam Zheng Red Hat KVM Forum 2015 Agenda The event loops in

Improving the QEMU Event Loop Fam Zheng Red Hat KVM Forum 2015 Agenda The event loops in QEMU Challenges Consistency Scalability Correctness The event loops in QEMU QEMU from a mile away Main loop from 10 meters The

523 views • 35 slides
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in

Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel attacks Kochers

1.19k views • 77 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
On the Stability and Robustness of Non-Synchronous Circuits with Timing Loops Matthias Fgger,

On the Stability and Robustness of Non-Synchronous Circuits with Timing Loops Matthias Fgger,

On the Stability and Robustness of Non-Synchronous Circuits with Timing Loops Matthias Fgger, Gottfried Fuchs, Ulrich Schmid and Andreas Steininger Vienna University of Technology Embedded Computing Systems Group {fuegger, fuchs, schmid,

603 views • 19 slides
Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of

Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of

Remote Timing Attacks are Still Practical Billy Brumley Nicola Tuveri Aalto University School of Science, Finland {bbrumley,ntuveri}@tcs.hut.fi Synopsis New remote timing attack vulnerability in OpenSSLs implementation of Montgomerys

487 views • 25 slides
Cache-Timing Attacks Matteo BOCCHI System Research &amp; Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research &amp; Applications STMicroelectronics S.r.l.

Cache-Timing Attacks Matteo BOCCHI System Research &amp; Applications STMicroelectronics S.r.l. 2018/12/06 Agenda 2 STM32 Nucleo Boards STM32 Firewall Cache-Timing Attack Evict&amp;Time vs. MbedTLS AES on STM32

477 views • 20 slides
Worst-Case Analysis of Digital Control Loops with Uncertain Input/Output Timing (Benchmark

Worst-Case Analysis of Digital Control Loops with Uncertain Input/Output Timing (Benchmark

Worst-Case Analysis of Digital Control Loops with Uncertain Input/Output Timing (Benchmark Proposal) Maximilian Gaukler and Peter Ulbrich Friedrich-Alexander-Universitt Erlangen-Nrnberg (FAU) ARCH19, Montral, Canada April 15, 2019 M.

601 views • 29 slides
Shared Spanning Trees GOAL Continue operating without loops in any physical connection

Shared Spanning Trees GOAL Continue operating without loops in any physical connection

Shared Spanning Trees GOAL Continue operating without loops in any physical connection topology including shared spanning tree switches, 802.1Q mono spanning tree switches, and others. Shared Spanning Trees January 27, 1999 1/11 IEEE

126 views • 11 slides
No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing

IEEE S&amp;P 2016 No Pardon for the Interruption: New Inference Attacks on Android Through Interrupt Timing Analysis May 24, 2016 Wenrui Diao , Xiangyu Liu, Zhou Li, and Kehuan Zhang 2/18 Motivation -- Hardware and Kernel Mobile platform

700 views • 21 slides
Determinating Timing Channels in Compute Clouds Amittai Aviram, Sen Hu, Bryan Ford Yale

Determinating Timing Channels in Compute Clouds Amittai Aviram, Sen Hu, Bryan Ford Yale

Determinating Timing Channels in Compute Clouds Amittai Aviram, Sen Hu, Bryan Ford Yale University http://dedis.cs.yale.edu/ Ramakrishna Gummadi University of Massechusetts Amherst CCSW, October 8, 2010 Timing Attacks Cooperative attacks

471 views • 30 slides
Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Exclusive Exponent Blinding May Not Suffice Attacks on RSA to Prevent Timing Attacks on RSA Werner Schindler Bundesamt f ur Sicherheit in der Werner Schindler

553 views • 23 slides
Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University

Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University

Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University http://dedis.cs.yale.edu/ USENIX HotCloud, June 13, 2012 The Long History of Timing Attacks Cooperative attacks apply to: Mandatory Access

359 views • 21 slides
Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome

Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome

Running Android in a Container How the play store runs on Chrome OS How Android Runs On Chrome OS Chrome Graphics Buffer (Prime FD) Android IPC IPC Chrome IPC Binder System Bridge Bridge (*/init*) Input Events network config, GL,

296 views • 10 slides
CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded Systems (CHES) 2019 Alejandro Cabrera Aldaya 1 , Cesar Pereida Garca 2 , Luis Manuel Alvarez Tapia 1 , Billy Bob Brumley 2 , {aldaya,

371 views • 21 slides
Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This

Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This

Cache-timing attacks http://cr.yp.to/papers.html #cachetiming , 2005: D. J. Bernstein This paper reports successful Thanks to: extraction of a complete AES key University of Illinois at Chicago from a network server NSF CCR9983950 on

1.28k views • 91 slides
Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1 Courtesy of

Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1 Courtesy of

Revisiting the Chrome Extension Permissions Model Pranav Prakash, Chester Leung 1 Courtesy of W3Counter 2 Courtesy of W3Counter 3 Chrome has ~190,000 Google Chrome extensions released 2010 2020 2008 2019 Chrome adds Chrome removes

1.07k views • 105 slides

More recommend