在瀏覽器上面用 JavaScript 進行 Side-channel attack

用 JavaScript 就可以攻擊 L3 cache,進而取得資料:「JavaScript CPU cache snooper tells crooks EVERYTHING you do online」。

論文出自「The Spy in the Sandbox – Practical Cache Attacks in Javascript」(PDF) 這篇。

不需要任何外掛或 exploit,就純粹是利用 cache 反應時間的 side-channel attack。另外由於 AMD 的 cache 架構不同,這次的攻擊實作僅對 Intel 有效:

The Intel cache micro-architecture isinclusive– all elements in the L1 cache must also exist in the L2 and L3 caches. Conversely, if a memory element is evicted fromthe L3 cache, it is also immediately evicted from the L2 and L1 cache. It should be noted that the AMD cachemicro-architecture is exclusive, and thus the attacks described in this report are not immediately applicable tothat platform.

這次的攻擊方法真變態...

This entry was posted in Browser, Computer, Firefox, GoogleChrome, Hardware, IE, Murmuring, Network, Safari, Security, Software, WWW and tagged , , , , , , , , , , , , , . Bookmark the permalink.

One Response to 在瀏覽器上面用 JavaScript 進行 Side-channel attack

  1. Kuon says:

    SCA 問題,想像力才是極限!

Leave a Reply

Your email address will not be published. Required fields are marked *