trusted browsers for uncertain times
play

Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav - PowerPoint PPT Presentation

May 12, 2023 •521 likes •1.39k views

Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego Building a browser that can provably mitigate timing attacks Trusted Browsers Time and web browsers Mitigating attacks for A trusted browser

  1. Trusted Browsers for Uncertain Times David Kohlbrenner and Hovav Shacham UC San Diego

  2. Building a browser that can provably mitigate timing attacks

  3. Trusted Browsers Time and web browsers ● Mitigating attacks ● for A trusted browser ● Uncertain Times A (less) trusted browser ●

  4. Time and web browsers ● Mitigating attacks ● Timing attacks A trusted browser ● A (less) trusted browser ●

  5. Browsers and timing attacks Browser has multiple privilege levels ● User secrets ○ ○ System secrets Origin secrets ○ ● Browsers expose detailed information performance.now() ○ getAnimationFrame() ○ Browsers compute and communicate between levels ●

  6. Timing attacks in web browsers SVG Filter cross-origin pixel stealing ● ● JavaScript cache timing attacks Fingerprinting ● ● History Sniffing

  7. What is being done about it? - SVG attack

  8. What is being done about it? - Cache attack

  9. What is being done about it? - Cache attack

  10. Unfortunately, this doesn’t work.

  11. Better clocks Time and web browsers ● Mitigating attacks ● with edges A trusted browser ● A (less) trusted browser ●

  12. Rounding down the clock

  13. Clock-edge technique

  14. Clock-edge technique - performance.now()

  15. Clock-edge technique - performance.now()

  16. Implicit clocks Time and web browsers ● Mitigating attacks ● in the browser A trusted browser ● A (less) trusted browser ●

  17. Implicit clocks - Techniques <video> frames ● Web Speech ● ● <video> played ● setTimeout() CSS Animations ● WebVTT API ● ● XHRs with cooperating server

  18. Implicit clocks - Techniques <video> frames ● Web Speech ● ● <video> played ● setTimeout() CSS Animations ● WebVTT API ● ● XHRs with cooperating server Probably many many more!

  19. Implicit clocks - WebVTT Subtitles for <video> elements ● ● Specified in a .vtt file WEBVTT ○ 00:00:00.000 --> 00:00:00.001 A very short duration subtitle Specifies arbitrary subtitles with 1ms granularity ● track.activeCues returns all displayed subtitles ●

  20. Implicit clocks - WebVTT

  21. Implicit clocks - WebVTT and clock-edge

  22. How to mitigate Time and web browsers ● Mitigating attacks ● timing attacks A trusted browser ● A (less) trusted browser ●

  23. Degrade all clocks available to the attacker.

  24. Fuzzy time for the VAX security kernel “[ A ] collection of techniques that reduces the bandwidths of covert timing ● channels by making all clocks available to a process noisy.” “Reducing Timing Channels with Fuzzy Time” ● ○ Hu at Oakland 1991!

  25. Covert channels Two clocks ● ● Modulated The channel ○ Reference ● Wall clock, etc ○

  26. Fuzzy time for the VAX security kernel VAX VMM ● ○ Single thread per VM Clean VM interface ○ All I/O is asynchronous ●

  27. Fuzzy time - Problem Ineffective countermeasures to disk covert channel ● ○ Cannot be closed Not auditable ○ Added noise impractical ○ No hardware solution ○ ● Plenty of other potential ‘shared buses’

  28. Fuzzy time - Solution “reduce the accuracy and precision of system clocks” ● ● “randomly alter the timings of I/O operations”

  29. Fuzzy time - Solution Explicit clocks ● ○ “make the interval-timer interrupt random”

  30. Fuzzy time - Solution Explicit clocks ● ○ “make the interval-timer interrupt random”

  31. Fuzzy time - Solution Explicit clocks ● ○ “make the interval-timer interrupt random” Implicit clocks ● “[use] random clock ticks … to make fuzzy the clocks derived ○ from I/O operations” “Add new buffers … for all I/O operations” ○

  32. Fuzzy time - Solution guarantees Degraded clocks ● Limit the bandwidth ○ Time granularity ● g ○ Bounded channel bandwidth ● For any timing covert channel ○ ~ ○

  33. Fuzzy time - I/O queuing Response queue Currently queued Active Active Active Next queue Todo

  34. Fuzzy time - I/O queuing Response queue Currently queued Active Active Active Next queue Todo Todo

  35. Fuzzy time - I/O queuing Response queue Currently queued Active Active Active Next queue Todo Todo

  36. Fuzzy time - I/O queuing Response queue Currently queued Done Active Active Todo Next queue Todo Todo

  37. Fuzzy time - I/O queuing Response queue Currently queued Done Done Active Todo Todo Next queue Todo Todo

  38. Fuzzy time - I/O queuing Response queue Currently queued Done Done Active Active Active Todo Todo Next queue Todo Todo

  39. Fuzzy time - I/O queuing Response queue Currently queued Done Done Active Active Active Todo Todo Next queue

  40. Fuzzy time - I/O queuing Response queue Currently queued Done Done Active Active Active Todo Todo Next queue

  41. Fuzzy time - I/O queuing Response queue Currently queued Done Done Active Active Active Next queue

  42. Time and web browsers ● Mitigating attacks ● Fermata A trusted browser ● A (less) trusted browser ●

  43. Fermata - Why adapt fuzzy time? Degrade clocks ● Slow down attacks ○ Verifiability ● ● Browsers are uniquely well suited

  44. Fermata - Fuzzy time for browsers Adapt the VAX fuzzy time model to JS etc! ● ● Put all I/O operations into queues Make all the explicit clocks fuzzy ● h t i w ! ● Prove everything falls into a fuzzy time defense t p t i u r c B S a v a J

  45. Fermata - Fuzzy time for browsers Adapt the VAX fuzzy time model to JS etc! ● ● Put all I/O operations into queues Make all the explicit clocks fuzzy ● h t i w ! ● Prove everything falls into a fuzzy time defense t p t i u r c B S a v Change all DOM accesses to be asynchronous! ● a J

  46. Time and web browsers ● Mitigating attacks ● Fuzzyfox A trusted browser ● Rationale and design A (less) trusted browser ●

  47. Why we didn’t build Fermata 1. We didn’t know if it would work 2. We didn’t know what to start with 3. We want to push mitigations to real browsers

  48. Fuzzyfox Patch set on trunk Mozilla Firefox ● ● Supports multiple clock granularities Tested 0.5ms to 100ms ○ Fully fuzzes explicit clocks ● Breaks main thread into ‘ticks’ ● Delays outgoing HTTP request start ●

  49. Fuzzyfox - Main thread queuing Current queue Next queue

  50. Fuzzyfox - Main thread queuing Current queue Done Done Active Todo Todo Next queue Todo Todo

  51. Fuzzyfox - Main thread queuing Current queue Done Done Active Todo Todo Next queue Todo Todo Todo

  52. Fuzzyfox - Main thread queuing Current queue Done Done Active Todo Todo Next queue Todo Todo Todo

  53. Fuzzyfox - Main thread queuing Current queue Done Done Active Todo Todo Pause Next queue Todo Todo Todo

  54. Fuzzyfox - Main thread queuing Current queue Next queue Done Done Active Todo Todo Pause Todo Todo Todo

  55. Fuzzyfox - Main thread queuing Current queue Done Done Active Todo Todo Pause Todo Todo Todo

  56. Fuzzyfox - Main thread queuing Current queue Done Done Done Active Todo Pause Todo Todo Todo

  57. Fuzzyfox - Main thread queuing Current queue Done Done Done Done Active Pause Todo Todo Todo Todo

  58. Fuzzyfox - Main thread queuing Current queue Done Done Done Done Done Pause Todo Todo Todo Todo

  59. Fuzzyfox - Main thread queuing Current queue Done Done Done Done Done Pause Todo Todo Todo Todo Pause

  60. Fuzzyfox - Main thread queuing Current queue Done Done Done Done Done Pause Active Todo Todo Todo Pause

  61. Fuzzyfox - Main thread queuing Current queue Done Done Done Done Done Pause Done Active Todo Todo Pause Todo

  62. Fuzzyfox - Main thread queuing Queue 1 Done Done Done Done Done Pause Queue 2 Done Active Todo Todo Pause Queue 3 Todo

  63. Fuzzyfox - Main thread queuing Current queue Done Done Done Done Done Pause Done Active Todo Todo Pause Todo Epoch Epoch Epoch

  64. Fuzzyfox - Main thread queuing Current queue Done Done Done Done Done Pause Done Active Todo Todo Pause Todo Epoch Epoch Epoch

  65. Fuzzyfox - Main thread queuing ● Sleep Update clocks ● ● Flush queues Schedule next pause ● Current queue Done Done Done Done Done Pause Done Active Todo Todo Pause Todo Epoch Epoch Epoch

  66. Time and web browsers ● Mitigating attacks ● Fuzzyfox A trusted browser ● Effectiveness A (less) trusted browser ●

  67. Fuzzyfox - Effectiveness - Explicit - performance.now() Firefox Fuzzyfox

  68. Fuzzyfox - Effectiveness - Implicit - WebVTT clock Firefox Fuzzyfox

  69. Time and web browsers ● Mitigating attacks ● Fuzzyfox A trusted browser ● Performance A (less) trusted browser ●

  70. Fuzzyfox - Performance “Micro” performance ● Synthetic microbenchmark page load times ○ ● “Macro” performance Real website load times ○ Interactivity ● User study ○

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

COVID-19 VIRTUAL FORUM STRATEGY IN UNCERTAIN TIMES COVID-19: STRATEGY IN UNCERTAIN TIMES APRIL

COVID-19 VIRTUAL FORUM STRATEGY IN UNCERTAIN TIMES COVID-19: STRATEGY IN UNCERTAIN TIMES APRIL

COVID-19 VIRTUAL FORUM STRATEGY IN UNCERTAIN TIMES COVID-19: STRATEGY IN UNCERTAIN TIMES APRIL 2020 RODNEY WILLIAM DAVID COVID-19: STRATEGY IN UNCERTAIN TIMES APRIL 2020 UNCERTAIN TIMES COVID-19: STRATEGY IN UNCERTAIN TIMES APRIL 2020 WE

1.06k views • 47 slides
New Encryp+on Primi+ves for Uncertain Times Thomas Ristenpart

New Encryp+on Primi+ves for Uncertain Times Thomas Ristenpart

New Encryp+on Primi+ves for Uncertain Times Thomas Ristenpart University of Wisconsin Covering joint work with: Sco@ Coull, Kevin Dyer, Ari Juels,

751 views • 54 slides
New New Amsterdam In these uncertain times, New York is at risk: as a global leader and by the

New New Amsterdam In these uncertain times, New York is at risk: as a global leader and by the

New New Amsterdam In these uncertain times, New York is at risk: as a global leader and by the very real threat of rising seas. Global socio-economic shifts and climate change are deftly eroding the metropolis, once the apotheosis of the

620 views • 31 slides
How sustainable are Scotlands finances? Financial planning in uncertain times Caroline

How sustainable are Scotlands finances? Financial planning in uncertain times Caroline

How sustainable are Scotlands finances? Financial planning in uncertain times Caroline Gardner 12 November 2019 Public sector landscape Decade of austerity Economic uncertainty Increased demand for Ageing population services EU

106 views • 8 slides
Expect the unexpected? Retirement planning in uncertain times For advisers only Not for

Expect the unexpected? Retirement planning in uncertain times For advisers only Not for

Expect the unexpected? Retirement planning in uncertain times For advisers only Not for use with retail customers Learning Objectives To be able to demonstrate an understanding of: Planning The suitability and implications from

631 views • 21 slides
July 27, 2020 An Encouraging Word For Uncertain Seasons God is the Lord of all times and

July 27, 2020 An Encouraging Word For Uncertain Seasons God is the Lord of all times and

July 27, 2020 An Encouraging Word For Uncertain Seasons God is the Lord of all times and seasons in life. Some times are hard, some seasons are dry. Therefore, God is Lord of hard times and dry seasons. I dont know if Charles Swindoll

319 views • 7 slides
Stepping into Our Power in Uncertain Times KIM MENINGER EXECUTIVE COACH SEPTEMBER 16, 2020

Stepping into Our Power in Uncertain Times KIM MENINGER EXECUTIVE COACH SEPTEMBER 16, 2020

BOSTON COLLEGE WORLDWIDE WEBINARS Stepping into Our Power in Uncertain Times KIM MENINGER EXECUTIVE COACH SEPTEMBER 16, 2020 Agenda Current landscape Key Benefits Common Challenges 3-Step Framework Q&amp;A Breakout

353 views • 16 slides
WELLNESS &amp; SELF CARE AN UPDATE Practicing Wellness and Self-Care in Uncertain Times

WELLNESS &amp; SELF CARE AN UPDATE Practicing Wellness and Self-Care in Uncertain Times

WELLNESS &amp; SELF CARE AN UPDATE Practicing Wellness and Self-Care in Uncertain Times Heather Pierucki, LMHC / Counselor &amp;Clinical Consultant Setting Intentions A self-interactive, dynamic discussion of wellness, self care, and

722 views • 21 slides
Managing Stress &amp; Anxiety Managing Stress &amp; Anxiety During Uncertain Times During

Managing Stress &amp; Anxiety Managing Stress &amp; Anxiety During Uncertain Times During

Managing Stress &amp; Anxiety Managing Stress &amp; Anxiety During Uncertain Times During Uncertain Times This webinar begins at 2:00pm. This webinar begins at 2:00pm. Moderator: Moderator: Speaker: Speaker: Jeremiah Dahlen, LPC, CEAP

788 views • 19 slides
Dynamic Adaptation of DAGs with Uncertain Execution Times in Heterogeneous Computing Systems Qin

Dynamic Adaptation of DAGs with Uncertain Execution Times in Heterogeneous Computing Systems Qin

Dynamic Adaptation of DAGs with Uncertain Execution Times in Heterogeneous Computing Systems Qin Zheng Institute of High Performance Computing Agency for Science, Technology and Research (A*Star), Singapore Background on DAG Scheduling

296 views • 16 slides
Budgeting in Uncertain Times Forecasting in Todays Climate and for Tomorrows Unknowns.

Budgeting in Uncertain Times Forecasting in Todays Climate and for Tomorrows Unknowns.

Budgeting in Uncertain Times Forecasting in Todays Climate and for Tomorrows Unknowns. LUNCH AND LEARN Agenda 1. Current Consumer Sentiment and Behavior 2. Historical Context 3. Current Trends 4. Short-term: Re-forecasting Now

819 views • 56 slides
Coping During Uncertain Times In conversation with Dr. John Pompe &amp; Jennifer Carlock, LCSW

Coping During Uncertain Times In conversation with Dr. John Pompe &amp; Jennifer Carlock, LCSW

Coping During Uncertain Times In conversation with Dr. John Pompe &amp; Jennifer Carlock, LCSW Caterpillar Employee Assistance Program (EAP) August 5-6, 2020 Caterpillar: Confidential Green Safety Reminders for Remote Work Emergency Phone

356 views • 18 slides
Dividends Plus: Building Wealth and Growing Income in Uncertain Times Roger S. Conrad Conrads

Dividends Plus: Building Wealth and Growing Income in Uncertain Times Roger S. Conrad Conrads

Dividends Plus: Building Wealth and Growing Income in Uncertain Times Roger S. Conrad Conrads Utility Investor Washington D.C. AAII January 2019 Briefing Objectives Income Investing: Still the Winners Game butThe Rules have

672 views • 35 slides
Weak Investment in Uncertain Times: Causes, Implications, and Policy Responses M. Ayhan Kose,

Weak Investment in Uncertain Times: Causes, Implications, and Policy Responses M. Ayhan Kose,

1/17/2017 Weak Investment in Uncertain Times: Causes, Implications, and Policy Responses M. Ayhan Kose, Franziska Ohnsorge, Lei Sandy Ye, and Ergys Islamaj January 2017 Three Questions 1 What are the main features of the investment slowdown

226 views • 10 slides
Recommended FY 2021 Budget Budgeting in Uncertain Times Presented by: Suzanne Ludlow. City

Recommended FY 2021 Budget Budgeting in Uncertain Times Presented by: Suzanne Ludlow. City

#TogetherTKPK Recommended FY 2021 Budget Budgeting in Uncertain Times Presented by: Suzanne Ludlow. City Manager April 6, 2020 1 Big Picture The proposed FY21 Budget, which was mostly prepared before the Covid-19 emergency was

259 views • 22 slides
Managing money in uncertain times Graeme Krner &amp; Jean Hamann 13 th October 2018 South

Managing money in uncertain times Graeme Krner &amp; Jean Hamann 13 th October 2018 South

Managing money in uncertain times Graeme Krner &amp; Jean Hamann 13 th October 2018 South African Politics Indulge me SA in 2017 SA in 2018so much has changed But it isnt easy.. Challenges remain The ANC is fractured CR

785 views • 57 slides
CS6480: Real-Time and Composition Robbert van Renesse Cornell University Based on Chapters 9

CS6480: Real-Time and Composition Robbert van Renesse Cornell University Based on Chapters 9

CS6480: Real-Time and Composition Robbert van Renesse Cornell University Based on Chapters 9 and 10 of Specifying Systems by Leslie Lamport Recall: HourClock Recall: HourClock Can we create an HourClock that ticks (approximately) once

717 views • 23 slides
Lecture 3: MIPS Instruction Set Todays topic: Wrap-up of performance equations MIPS

Lecture 3: MIPS Instruction Set Todays topic: Wrap-up of performance equations MIPS

Lecture 3: MIPS Instruction Set Todays topic: Wrap-up of performance equations MIPS instructions HW1 is due on Thursday TA office hours posted 1 A Primer on Clocks and Cycles 2 Performance Equation - I CPU execution

1.16k views • 26 slides
recob::Wire Modifications Bruce Baller March 26, 2014 Outline Motivation for changing

recob::Wire Modifications Bruce Baller March 26, 2014 Outline Motivation for changing

recob::Wire Modifications Bruce Baller March 26, 2014 Outline Motivation for changing recob::Wire Regions Of Interest (ROIs) concept Implementation for MicroBooNE Pros and Cons Slides for later discussion Ruminations on

368 views • 17 slides
Scheduling, part 2 Don Porter CSE 506 Logical Diagram Binary Memory Threads Formats

Scheduling, part 2 Don Porter CSE 506 Logical Diagram Binary Memory Threads Formats

Scheduling, part 2 Don Porter CSE 506 Logical Diagram Binary Memory Threads Formats Allocators User Todays Lecture System Calls Switching to CPU Kernel scheduling RCU File System Networking Sync Memory CPU Device Management

455 views • 32 slides
Boosting Simulation Performance with Python Eran Friedman How to use Discrete-Event Simulation

Boosting Simulation Performance with Python Eran Friedman How to use Discrete-Event Simulation

Boosting Simulation Performance with Python Eran Friedman How to use Discrete-Event Simulation to run your system faster than real-time? Background About Me Eran Friedman Team lead @ Fabric Nowadays developing the Ground Robot

652 views • 46 slides
An LLVM based Loop Profiler Shalini Jain * , Kamlesh Kumar + , Suresh Purini $ , Dibyendu Das ,

An LLVM based Loop Profiler Shalini Jain * , Kamlesh Kumar + , Suresh Purini $ , Dibyendu Das ,

An LLVM based Loop Profiler Shalini Jain * , Kamlesh Kumar + , Suresh Purini $ , Dibyendu Das , Ramakrishna Upadrasta * Indian Institute of Technology, Hyderabad * National Institute of Technology, Manipur + International Institute of Information

544 views • 17 slides
Optimising Quantified Expressions in Constraint Models Ian P. Gent, Ian Miguel and Andrea Rendl

Optimising Quantified Expressions in Constraint Models Ian P. Gent, Ian Miguel and Andrea Rendl

Optimising Quantified Expressions Optimising Quantified Expressions in Constraint Models Ian P. Gent, Ian Miguel and Andrea Rendl University of St Andrews, UK AIT Austrian Institute of Technology, Austria September 2010 Workshop on Modelling

1.16k views • 88 slides
CMSIS Real Time Operating System (Based on Free RTOS) References:

CMSIS Real Time Operating System (Based on Free RTOS) References:

CMSIS Real Time Operating System (Based on Free RTOS) References: HTTPS://developer.mbed.org/handbook/CMSIS-RTOS http://www.keil.com/pack/doc/CMSIS/RTOS2/html/index.html uVision5 Books Pane: MDK-ARM Getting Started (PDF), CMSIS-RTOS2

1.34k views • 37 slides

More recommend