Re: Timing attacks against CSS Shaders

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Sun, 4 Dec 2011 10:16:31 -0800
Message-ID: <CAAWBYDC95Qag4y3hbVnonVNSLctQ2CDsnhcdcQ_-MZYN9aBHhA@mail.gmail.com>
To: Rik Cabanier <cabanier@gmail.com>
Cc: Adam Barth <w3c@adambarth.com>, public-fx@w3.org, Dean Jackson <dino@apple.com>, Vincent Hardy <vhardy@adobe.com>, Thomas Roessler <tlr@w3.org>

On Sun, Dec 4, 2011 at 10:04 AM, Rik Cabanier <cabanier@gmail.com> wrote:
> Hi Adam,
>
> I don't know much about timing attacks so I have a question.
> Since the browser directs the GPU to run the shaders and composite their
> output, the end result is invisible to the attacker since there is no
> mechanism to get this bitmap data back.
> The shaders also have no means to communicate through script since they can
> only manipulate pixels.
>
> In this scenario, how would information ever leak?
> WebGL is different since you have access to the entire OpenGL stack which
> allows you to do more complex operations such as reading back data.

The information is read back through the "timing channel", thus the
name.  This is done by making an operation take more or less time
based on the information you want to extract, so you can read data out
just by watching how long an operation took to complete, even if the
language doesn't offer any way to get the data out normally.
http://en.wikipedia.org/wiki/Timing_attack

~TJ
Received on Sunday, 4 December 2011 18:17:20 GMT
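
A toy model of the timing channel described in the reply above, added here as an example and not part of the original message or of any browser's code. All function names and pixel values are constructed, and a step counter stands in for elapsed time so the result is deterministic; the last function is a check a reviewer can run to see whether a routine's cost depends on its input.

```javascript
// A per-pixel routine has no way to hand data back to script, but the amount
// of work it does shows up as how long the frame took. "steps" models time.

// Data-dependent routine: does extra work only for bright pixels.
function branchingShade(pixel) {
  let steps = 1;
  if (pixel > 127) {
    for (let i = 0; i < 1000; i++) steps++;
  }
  return steps;
}

// Fixed-work routine: runs the same loop whatever the pixel value is.
function uniformShade(pixel) {
  let steps = 1;
  let acc = 0;
  for (let i = 0; i < 1000; i++) { steps++; acc += pixel; }
  return steps;
}

// Total cost of one frame: the only quantity visible from outside.
function frameCost(shade, pixels) {
  return pixels.reduce((total, p) => total + shade(p), 0);
}

// What the cost alone reveals for branchingShade: how many pixels were bright.
function inferBrightCount(cost, pixelCount) {
  return Math.round((cost - pixelCount) / 1000);
}

// Review check: does the cost differ between inputs of the same size?
// If it does, the routine's timing carries information about its input.
function costDependsOnData(shade, samples) {
  const costs = new Set(samples.map((px) => frameCost(shade, px)));
  return costs.size > 1;
}

const hiddenFrame = [10, 200, 30, 255, 128, 0]; // constructed pixel values
const samples = [[0, 0, 0, 0, 0, 0], [255, 255, 255, 255, 255, 255], hiddenFrame];

console.log(frameCost(branchingShade, hiddenFrame));       // cost seen from outside
console.log(inferBrightCount(frameCost(branchingShade, hiddenFrame), hiddenFrame.length));
console.log(costDependsOnData(branchingShade, samples));   // cost varies with data
console.log(costDependsOnData(uniformShade, samples));     // cost is the same for all
```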