Trusted Browsers for Uncertain Times
David Kohlbrenner and Hovav Shacham, University of California, San Diego
JavaScript in one origin can use timing channels in browsers to learn sensitive information about a user’s interaction with other origins, violating the browser’s compartmentalization guarantees. Browser vendors have attempted to close timing channels by trying to rewrite sensitive code to run in constant time and by reducing the resolution of reference clocks.
We argue that these ad-hoc efforts are unlikely to succeed. We show techniques that increase the effective resolution of degraded clocks by two orders of magnitude, and we present and evaluate multiple, new implicit clocks: techniques by which JavaScript can time events without consulting an explicit clock at all.
We show how “fuzzy time” ideas in the trusted operating systems literature can be adapted to building trusted browsers, degrading all clocks and reducing the bandwidth of all timing channels. We describe the design of a next-generation browser, called Fermata, in which all timing sources are completely mediated. As a proof of feasibility, we present Fuzzyfox, a fork of the Firefox browser that implements many of the Fermata principles within the constraints of today’s browser architecture. We show that Fuzzyfox achieves sufficient compatibility and performance for deployment today by privacysensitive users.
In summary:
- We show how an attacker can measure durations in web browsers without querying an explicit clock.
- We show how the concepts of “fuzzy time” can apply to web browsers to mitigate all clocks.
- We present a prototype demonstrating the impact of some of these concepts.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {David Kohlbrenner and Hovav Shacham},
title = {Trusted Browsers for Uncertain Times},
booktitle = {25th USENIX Security Symposium (USENIX Security 16)},
year = {2016},
isbn = {978-1-931971-32-4},
address = {Austin, TX},
pages = {463--480},
url = {https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/kohlbrenner},
publisher = {USENIX Association},
month = aug
}
connect with us