Sciweavers

CCS
2015
ACM

The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications

8 years 7 months ago
The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications
We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast to previous work in this genre, our attack does not require the attacker to install software on the victim’s machine; to facilitate the attack, the victim needs only to browse to an untrusted webpage that contains attacker-controlled content. This makes our attack model highly scalable, and extremely relevant and practical to today’s Web, as most desktop browsers currently used to access the Internet are affected by such side channel threats. Our attack, which is an extension to the last-level cache attacks of Liu et al. [14], allows a remote adversary to recover information belonging to other processes, users, and even virtual machines running on the same physical host with the victim web browser. We describe the fundamentals behind our attack, and evaluate its performance characteristics. In addition, we show how it can be used to compromise user privacy in a common setting, lett...
Yossef Oren, Vasileios P. Kemerlis, Simha Sethumad
Added 17 Apr 2016
Updated 17 Apr 2016
Type Journal
Year 2015
Where CCS
Authors Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis
Comments (0)