nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Practical Memory Deduplication Attacks in Sandboxed Javascript

verfasst von : Daniel Gruss, David Bidner, Stefan Mangard

Erschienen in: Computer Security -- ESORICS 2015

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Page deduplication is a mechanism to reduce the memory footprint of a system. Identical physical pages are identified across borders of virtual machines and programs and merged by the operating system or the hypervisor. However, this enables side-channel information leakage through cache or memory access time. Therefore, it is considered harmful in public clouds today, but it is still considered safe to use in a private environment, i.e., private clouds, personal computers, and smartphones.

We present the first memory-disclosure attack in sandboxed Javascript which exploits page deduplication. Unlike previous attacks, our attack does not require the victim to execute an adversary’s program, but simply to open a website which contains the adversary’s Javascript code. We are not only able to determine which applications are running, but also specific user activities, for instance, whether the user has specific websites currently opened. The attack works on servers, personal computers and smartphones, and across the borders of virtual machines.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Trustworthy Prevention of Code Injection in Linux on Embedded Devices

Nächstes Kapitel Computational Soundness for Interactive Primitives

Alexa Internet Inc: The top 500 sites on the web, March 2015. http://www.alexa.com/topsites

Bortz, A., Boneh, D.: Exposing private information by timing web applications. In: Williamson, C.L., Zurko, M.E., Patel-Schneider, P.F., Shenoy, P.J. (eds.) Proceedings of the 16th International Conference on World Wide Web, WWW 2007, Banff, Alberta, Canada, May 8–12, 2007. pp. 621–628. ACM (2007). http://doi.acm.org/10.1145/1242572.1242656

Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Gritzalis, D., Jajodia, S., Samarati, P. (eds.) CCS 2000, Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece, November 1–4, 2000, pp. 25–32. ACM (2000). http://doi.acm.org/10.1145/352600.352606

Google Inc.: Android 4.4 platform optimizations. https://source.android.com/devices/tech/low-ram.html (Feb 2015)

Gullasch, D., Bangerter, E., Krenn, S.: Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. In: IEEE Symposium on Security and Privacy - S&P, pp. 490–505. IEEE Computer Society (2011). http://dx.doi.org/10.1109/SP.2011.22

International Data Corporation: Android and iOS Squeeze the Competition, February 2015. http://www.idc.com/getdoc.jsp?containerId=prUS25450615

Irazoqui, G., Eisenbarth, T., Sunar, B.: Jackpot - Stealing Information From Large Caches via Huge Pages. IACR Cryptology, p. 970, ePrint Archive 2014 (2014). http://eprint.iacr.org/2014/970

Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Fine grain Cross-VM Attacks on Xen and VMware are possible! IACR Cryptology, p. 248, ePrint Archive 2014 (2014). http://eprint.iacr.org/2014/248

Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! a fast, cross-VM attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 299–319. Springer, Heidelberg (2014) CrossRef

10.

Karagounis, B., Sinofsky, S.: Reducing runtime memory in Windows 8, October 2011. http://blogs.msdn.com/b/b8/archive/2011/10/07/reducing-runtime-memory-in-windows-8.aspx

11.

Net Applications.com: Desktop Operating System Market Share, February 2015. http://www.netmarketshare.com/operating-system-market-share.aspx

12.

Oren, Y., Kemerlis, V.P., Sethumadhavan, S., Keromytis, A.D.: The Spy in the Sandbox - Practical Cache Attacks in Javascript. ArXiv e-prints, February 2015

13.

Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006) CrossRef

14.

Owens, R., Wang, W.: Non-Interactive OS Fingerprinting Through Memory De-Duplication Technique in Virtual Machines. In: International Performance Computing and Communications Conference - IPCCC, pp. 1–8. IEEE (2011). http://dx.doi.org/10.1109/PCCC.2011.6108094

15.

Stone, P.: Pixel Perfect Timing Attacks with HTML5. Technical report, Context Information Security, June 2013. http://www.contextis.com/files/Browser_Timing_Attacks.pdf

16.

Suzaki, K., Iijima, K., Yagi, T., Artho, C.: Memory Deduplication as a Threat to the Guest OS. In: European Workshop on System Security - EUROSEC, pp. 1–6. ACM (2011). http://doi.acm.org/10.1145/1972551.1972552

17.

Warner, A., Li, Q., Keefe, T.F., Pal, S.: The impact of multilevel security on database buffer management. In: Martella, G., Kurth, H., Montolivo, E., Bertino, Elisa (eds.) ESORICS 1996. LNCS, vol. 1146. Springer, Heidelberg (1996). http://dx.doi.org/10.1007/978-3-319-11379-1_15

18.

Xiao, J., Xu, Z., Huang, H., Wang, H.: A covert channel construction in a virtualized environment. In: Yu, T., Danezis, G., Gligor, V.D. (eds.) the ACM Conference on Computer and Communications Security, CCS 2012, Raleigh, NC, USA, October 16–18, 2012, pp. 1040–1042. ACM (2012). http://doi.acm.org/10.1145/2382196.2382318

19.

Xiao, J., Xu, Z., Huang, H., Wang, H.: Security implications of memory deduplication in a virtualized environment. In: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Budapest, Hungary, June 24–27, 2013, pp. 1–12. IEEE (2013). http://doi.ieeecomputersociety.org/10.1109/DSN.2013.6575349

20.

Yarom, Y., Falkner, K.: FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In: USENIX Security Symposium, pp. 719–732. USENIX Association (2014). https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/yarom

Titel: Practical Memory Deduplication Attacks in Sandboxed Javascript
verfasst von: Daniel Gruss
David Bidner
Stefan Mangard
Verlag: Springer International Publishing
Buch: Computer Security -- ESORICS 2015
Print ISBN: 978-3-319-24173-9

Electronic ISBN: 978-3-319-24174-6

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-24174-6_6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"