Publication: Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
No Thumbnail Available
Date
2015-06-26
Authors
Published Version
Published Version
Journal Title
Journal ISSN
Volume Title
Publisher
The Harvard community has made this article openly available. Please share how this access benefits you.
Citation
Booth, Jo. 2015. Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines. Bachelor's thesis, Harvard College.
Research Data
Abstract
In this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel are presented. The platform independence of this attack is established, and the implications of the attack for web security are discussed. An implementation of the attack utilizing classification via machine learning techniques is presented and evaluated. Several mitigation strategies for eliminating the threat are then proposed.
Description
Other Available Sources
Keywords
Computer Science
Terms of Use
This article is made available under the terms and conditions applicable to Other Posted Material (LAA), as set forth at Terms of Service