Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses

Figure for Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses

Authors: Ayush Agarwal , Sioli O’Connell , Anatoly Shusterman , Daniel Genkin , Yossi Oren , Yuval Yarom

Venue: 30th USENIX Security Symposium, 2021 (to appear)


Abstract

The “eternal war in cache” has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict javaScript features deemed essential for carrying out attacks. A recent proposal following this approach is Chrome Zero, a browser add-on that intercepts and changes the semantics of some JavaScript features, while claiming minimal impact on user experience.

In this work we demonstrate the fallacy of this approach. We show that controlling and disabling JavaScript features may attenuate but does not completely prevent side-channel attacks.

We follow a line of research that perform website fingerprinting attacks. We develop a sequence of attacks with progressively decreasing dependency on JavaScript features, culminating in the first browser-based side-channel attack which is constructed entirely from Cascading Style Sheets (CSS), and therefore works even when script execution is completely blocked.

Download links