Tick Tock: Building Browser Red Pills from Timing Side Channels
نویسندگان
چکیده
Red pills allow programs to detect if their execution environment is a CPU emulator or a virtual machine. They are used by digital rights management systems and by malware authors. In this paper we study the possibility of browser-based red pills, namely red pills implemented as Javascript that runs in the browser and attempts to detect if the browser is running inside a virtual machine. These browser red pills can limit the effectiveness of Web malware scanners: scanners that detect drive-by downloads and other malicious content by crawling the Web using a browser in an emulated environment. We present multiple browser red pills that are robust across browser platforms and emulation technology. We also discuss potential mitigations that Web scanners can use to thwart some of these red pills.
منابع مشابه
Trusted Browsers for Uncertain Times
JavaScript in one origin can use timing channels in browsers to learn sensitive information about a user’s interaction with other origins, violating the browser’s compartmentalization guarantees. Browser vendors have attempted to close timing channels by trying to rewrite sensitive code to run in constant time and by reducing the resolution of reference clocks. We argue that these ad-hoc effort...
متن کاملToward Exposing Timing-Based Probing Attacks in Web Applications †
Web applications have become the foundation of many types of systems, ranging from cloud services to Internet of Things (IoT) systems. Due to the large amount of sensitive data processed by web applications, user privacy emerges as a major concern in web security. Existing protection mechanisms in modern browsers, e.g., the same origin policy, prevent the users' browsing information on one webs...
متن کاملGlobal Product Development in Semiconductor industry
This thesis investigates on changes in semiconductor industry's product development methodology by following Intel's product development from year 2000. Intel was challenged by customer's preference change, competitors new enhanced product, internet bubble burst economy, and miss steps in the business strategy. Dynamics of these challenges drove Intel to develop a new product strategy: Tick-Toc...
متن کاملPractical Keystroke Timing Attacks in Sandboxed JavaScript
Keystrokes trigger interrupts which can be detected through software side channels to reconstruct keystroke timings. Keystroke timing attacks use these side channels to infer typed words, passphrases, or create user fingerprints. While keystroke timing attacks are considered harmful, they typically require native code execution to exploit the side channels and, thus, may not be practical in man...
متن کاملThe Tick-Tock of Language: Is Language Processing Sensitive to Circadian Rhythmicity and Elevated Sleep Pressure? Jessica Rosenberg, Kathrin Pusch, Rainer Dietrich, and Christian Cajochen THE TICK-TOCK OF LANGUAGE: IS LANGUAGE PROCESSING SENSITIVE TO CIRCADIAN RHYTHMICITY AND ELEVATED SLEEP PRESSURE?
Q1 No reference provided for Foster & Kreitzmann 2004; please resolve. Q2 No reference provided for Hastings 2003; please resolve. Q3 No reference provided for Akerstedt & Gillberg 1990; please resolve. Q4 No reference provided for Dinges & Kribbs 1991; please resolve. Q5 Reference lists the year for Akerstedt et al. as 2008; please resolve. Q6 If not cited, please cite or delete Curran-Everett...
متن کامل