Tuesday, October 13 • 14:15 - 15:00
The Spy in the Sandbox: Practical Cache Attacks in Javascript and their Implications

Side channel analysis is a remarkably powerful cryptanalytic technique. It allows attackers to extract secret information hidden inside a secure device, by analyzing the physical signals (e.g., power, heat) that the device emits as it performs a secure computation. While the potency of side-channel attacks is established without question, their application to practical settings is debatable. The main limiting factor to the practicality of side-channel attacks is the problematic attack model they assume; with the exception of network-based timing attacks, most side-channel attacks require the attacker be in “close proximity” to the victim.

In this work, we challenge this limiting assumption by presenting a successful side-channel attack that assumes a far more relaxed and practical attacker model. In our model, the victim merely has to *access a website* owned by the attacker using his personal computer. Despite this minimal model, we show how the attacker can still launch a side-channel attack in a practical time frame and extract meaningful information from the system under attack. Defending against this attack is possible, but the required countermeasures can exact an impractical cost on benign uses of the browser.

Joint work with Vasileios P. Kemerlis, Angelos D. Keromytis and Simha Sethumadhavan.


Speakers
Yossi Oren

Senior Lecturer, Ben Gurion University
Hi! I am a senior lecturer at the Department of Information Systems Engineering in Ben Gurion University, and a member of BGU's Cyber Security Research Center. Before joining BGU I was a Post-Doctoral Research Scientist in the Network Security Lab at Columbia University in the City...


Tuesday October 13, 2015 14:15 - 15:00 IDT
Main Auditorium
  Track 1
