Securing Timeout Instructions in Web Applications

Timeout mechanisms are a useful feature for web applications. However, these mechanisms need to be used with care because, if used as-is, they are vulnerable to timing attacks. This paper focuses on internal timing attacks, a particularly dangerous class of timing attacks, where the attacker needs n...

Full description

Saved in:
Bibliographic Details
Published in:2009 22nd IEEE Computer Security Foundations Symposium pp. 92 - 106
Main Authors: Russo, A., Sabelfeld, A.
Format: Conference Proceeding
Language:English
Published: IEEE 01.07.2009
Subjects:
Application software
Clocks
Computer security
Context modeling
Data security
Information security
information-flow
internal timing covert channel
Java
Monitoring
non-interference
Runtime
timeouts
Timing
web security
ISBN:076953712X, 9780769537122
ISSN:1063-6900
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Timeout mechanisms are a useful feature for web applications. However, these mechanisms need to be used with care because, if used as-is, they are vulnerable to timing attacks. This paper focuses on internal timing attacks, a particularly dangerous class of timing attacks, where the attacker needs no access to a clock. In the context of client-side web application security, we present JavaScript-based exploits against the timeout mechanism of the DOM (document object model), supported by the modern browsers. Our experimental findings reveal rather liberal choices for the timeout semantics by different browsers and motivate the need for a general security solution. We propose a foundation for such a solution in the form of a runtime monitor. We illustrate for a simple language that, while being more permissive than a typical static analysis, the monitor enforces termination-insensitive noninterference.
ISBN:076953712X
9780769537122
ISSN:1063-6900
DOI:10.1109/CSF.2009.16