
Browser Based Side-Channel Defenses Datasets

Source: ieee-dataport.org, indexed 2025-03-23
Download link:
https://ieee-dataport.org/open-access/browser-based-side-channel-defenses-datasets
Description:
The "eternal war in cache" has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks.

To assess the effectiveness of this approach, in this work we seek to identify those JavaScript features which are essential for carrying out a cache-based attack. We develop a sequence of attacks with progressively decreasing dependency on JavaScript features, culminating in the first browser-based side-channel attack which is constructed entirely from Cascading Style Sheets (CSS) and HTML, and works even when script execution is completely blocked. We then show that avoiding JavaScript features makes our techniques architecturally agnostic, resulting in microarchitectural website fingerprinting attacks that work across hardware platforms including Intel Core, AMD Ryzen, Samsung Exynos, and Apple M1 architectures.

As a final contribution, we evaluate our techniques in hardened browser environments including the Tor browser, DeterFox (Cao et al., CCS 2017), and Chrome Zero (Schwarz et al., NDSS 2018). We confirm that none of these approaches completely defend against our attacks. We further argue that the protections of Chrome Zero need to be more comprehensively applied, and that the performance and user experience of Chrome Zero will be severely degraded if this approach is taken.

Provided by:
ieee-dataport.org