DOI: 10.1145/2810103.2813708

The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications

Published: 12 October 2015

Abstract

We present a micro-architectural side-channel attack that runs entirely in the browser. In contrast to previous work in this genre, our attack does not require the attacker to install software on the victim's machine; to facilitate the attack, the victim needs only to browse to an untrusted webpage that contains attacker-controlled content. This makes our attack model highly scalable, and extremely relevant and practical to today's Web, as most desktop browsers currently used to access the Internet are affected by such side-channel threats. Our attack, which is an extension of the last-level cache attacks of Liu et al., allows a remote adversary to recover information belonging to other processes, users, and even virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, and evaluate its performance characteristics. In addition, we show how it can be used to compromise user privacy in a common setting, letting an attacker spy on a victim who uses private browsing. Defending against this side channel is possible, but the required countermeasures can exact an impractical cost on benign uses of the browser.

References

[1] O. Acıiçmez. Yet Another MicroArchitectural Attack: Exploiting I-Cache. In Proc. of ACM CSAW, pages 11-18, 2007.
[2] G. I. Apecechea, M. S. Inci, T. Eisenbarth, and B. Sunar. Wait a Minute! A fast, Cross-VM Attack on AES. In Proc. of RAID, pages 299-319, 2014.
[3] D. J. Bernstein. Cache-timing attacks on AES. http://cr.yp.to/papers.html#cachetiming, April 2005. [Online; accessed August 2015].
[4] D. Brumley and D. Boneh. Remote Timing Attacks are Practical. In Proc. of USENIX Sec., pages 1-14, 2005.
[5] Ecma International. Standard ECMA-262: ECMAScript® Language Specification. http://www.ecma-international.org/ecma-262/5.1/index.html, June 2011. [Online; accessed August 2015].
[6] T. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh, and M. T. M. Shalmani. On the Power of Power Analysis in the Real World: A Complete Break of the KEELOQ Code Hopping Scheme. In Proc. of CRYPTO, pages 203-220, 2008.
[7] D. Herman and K. Russell. Typed Array Specification. https://www.khronos.org/registry/typedarray/specs/latest/, July 2013. [Online; accessed August 2015].
[8] G. Ho, D. Boneh, L. Ballard, and N. Provos. Tick Tock: Building Browser Red Pills from Timing Side Channels. In Proc. of WOOT, 2014.
[9] W. Hu. Lattice Scheduling and Covert Channels. In Proc. of IEEE S&P, pages 52-61, 1992.
[10] R. Hund, C. Willems, and T. Holz. Practical Timing Side Channel Attacks Against Kernel Space ASLR. In Proc. of IEEE S&P, pages 191-205, 2013.
[11] S. Jana and V. Shmatikov. Memento: Learning Secrets from Process Footprints. In Proc. of IEEE S&P, pages 143-157, 2012.
[12] V. P. Kemerlis, M. Polychronakis, and A. D. Keromytis. ret2dir: Rethinking Kernel Isolation. In Proc. of USENIX Sec, pages 957-972, 2014.
[13] P. C. Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In Proc. of CRYPTO, pages 104-113, 1996.
[14] F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee. Last-Level Cache Side-Channel Attacks are Practical. In Proc. of IEEE S&P, pages 605-622, 2015.
[15] S. Mangard, E. Oswald, and T. Popp. Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, 2007.
[16] J. Mann. High Resolution Time. http://www.w3.org/TR/hr-time/, December 2012. [Online; accessed August 2015].
[17] C. Maurice, C. Neumann, O. Heen, and A. Francillon. C5: Cross-Cores Cache Covert Channel. In Proc. of DIMVA, pages 46-64, 2015.
[18] Y. Oren, M. Kirschbaum, T. Popp, and A. Wool. Algebraic side-channel analysis in the presence of errors. In Proc. of CHES, pages 428-442, 2010.
[19] D. A. Osvik, A. Shamir, and E. Tromer. Cache Attacks and Countermeasures: The Case of AES. In Proc. of CT-RSA, pages 1-20, 2006.
[20] D. Oswald and C. Paar. Breaking Mifare DESFire MF3ICD40: Power Analysis and Templates in the Real World. In Proc. of CHES, pages 207-222, 2011.
[21] C. Percival. Cache Missing for Fun and Profit. In Proc. of BSDCan, 2005.
[22] N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All Your iFRAMEs Point to Us. In Proc. of USENIX Sec., pages 1-15, 2008.
[23] M. K. Qureshi, A. Jaleel, Y. N. Patt, S. C. S. Jr., and J. Emer. Adaptive Insertion Policies for High Performance Caching. In Proc. of ISCA, pages 381-391, 2007.
[24] T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds. In Proc. of CCS, pages 199-212, 2009.
[25] K. A. Shutemov. pagemap: do not leak physical addresses to non-privileged userspace. https://lwn.net/Articles/642074/, March 2015. [Online; accessed August 2015].
[26] StatCounter. GlobalStats. http://gs.statcounter.com, January 2015. [Online; accessed August 2015].
[27] W3C. Javascript APIs Current Status. http://www.w3.org/standards/techs/js. [Online; accessed August 2015].
[28] Z. Wang, X. Jiang, W. Cui, X. Wang, and M. Grace. ReFormat: Automatic Reverse Engineering of Encrypted Messages. In Proc. of ESORICS, pages 200-215, 2009.
[29] Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-VM Side Channels and Their Use to Extract Private Keys. In Proc. of CCS, pages 305-316, 2012.
[30] Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-Tenant Side-Channel Attacks in PaaS Clouds. In Proc. of ACM CCS, pages 990-1003, 2014.

Cited By

  • (2025) Remote Scheduler Contention Attacks. Financial Cryptography and Data Security, pages 365-383. DOI: 10.1007/978-3-031-78676-1_21. Online publication date: 22-Feb-2025
  • (2024) Pixel thief. Proceedings of the 33rd USENIX Conference on Security Symposium, pages 3331-3348. DOI: 10.5555/3698900.3699087. Online publication date: 14-Aug-2024
  • (2024) Bending microarchitectural weird machines towards practicality. Proceedings of the 33rd USENIX Conference on Security Symposium, pages 1099-1116. DOI: 10.5555/3698900.3698962. Online publication date: 14-Aug-2024

      Published In

      CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
      October 2015
      1750 pages
      ISBN:9781450338325
      DOI:10.1145/2810103
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. cache-timing attacks
      2. covert channel
      3. javascript-based cache attacks
      4. side-channel attacks
      5. user tracking

      Qualifiers

      • Research-article

      Funding Sources

      • Office of Naval Research (ONR)

      Conference

      CCS'15

      Acceptance Rates

      CCS '15 Paper Acceptance Rate 128 of 660 submissions, 19%;
      Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

      Article Metrics

      • Downloads (last 12 months): 114
      • Downloads (last 6 weeks): 9
      Reflects downloads up to 28 Feb 2025

      Cited By

      • (2024) WebGPU-SPY: Finding Fingerprints in the Sandbox through GPU Cache Attacks. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pages 158-171. DOI: 10.1145/3634737.3637648. Online publication date: 1-Jul-2024
      • (2024) Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2, pages 582-600. DOI: 10.1145/3620665.3640403. Online publication date: 27-Apr-2024
      • (2024) Interface-Based Side Channel in TEE-Assisted Networked Services. IEEE/ACM Transactions on Networking, 32:1, pages 613-626. DOI: 10.1109/TNET.2023.3294019. Online publication date: Feb-2024
      • (2024) RECAST: Mitigating Conflict-Based Cache Attacks Through Fine-Grained Dynamic Mapping. IEEE Transactions on Information Forensics and Security, 19, pages 3758-3771. DOI: 10.1109/TIFS.2024.3368862. Online publication date: 2024
      • (2024) SnapMem: Hardware/Software Cooperative Memory Resistant to Cache-Related Attacks on ARM-FPGA Embedded SoC. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 43:10, pages 2902-2915. DOI: 10.1109/TCAD.2024.3392082. Online publication date: Oct-2024
      • (2024) Tail Victims in Termination Timing Channel Defenses Beyond Cryptographic Kernels. 2024 International Symposium on Secure and Private Execution Environment Design (SEED), pages 11-22. DOI: 10.1109/SEED61283.2024.00012. Online publication date: 16-May-2024
      • (2024) Veiled Pathways: Investigating Covert and Side Channels Within GPU Uncore. 2024 57th IEEE/ACM International Symposium on Microarchitecture (MICRO), pages 1169-1183. DOI: 10.1109/MICRO61859.2024.00088. Online publication date: 2-Nov-2024
