Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines
View/ Open
BOOTH-SENIORTHESIS-2015.pdf (452.9Kb)
Access Status
Full text of the requested work is not available in DASH at this time ("restricted access"). For more information on restricted deposits, see our FAQ.Author
Metadata
Show full item recordCitation
Booth, Jo. 2015. Not So Incognito: Exploiting Resource-Based Side Channels in JavaScript Engines. Bachelor's thesis, Harvard College.Abstract
In this thesis, a resource-based side channel vulnerability is shown to exist in the JavaScript engines deployed in today's front-running internet browsers. A remote attack is constructed to exploit this vulnerability at a distance, and three distinct attacker models leveraging the side channel are presented. The platform independence of this attack is established, and the implications of the attack for web security are discussed. An implementation of the attack utilizing classification via machine learning techniques is presented and evaluated. Several mitigation strategies for eliminating the threat are then proposed.Terms of Use
This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at http://nrs.harvard.edu/urn-3:HUL.InstRepos:dash.current.terms-of-use#LAACitable link to this page
http://nrs.harvard.edu/urn-3:HUL.InstRepos:17417578
Collections
- FAS Theses and Dissertations [6138]
Contact administrator regarding this item (to report mistakes or request changes)