- From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
- Date: Mon, 05 Jun 2023 09:25:33 +0000
- To: public-device-apis-log@w3.org
As discussed in the context of #216 I'd recommend incorporating this proposed cross-site covert channel attack into the Types of privacy and security threats section to ensure this is carefully considered and mitigations improved as appropriate. @pes10k, PTAL this strawman proposal inspired by your contribution and provide feedback and suggestions for further improvements: > Cross-site covert channel > >In computer security a covert channel creates a capability to transfer information between processes that are not supposed to be allowed to communicate. In modern multi-process web engines in the generic case each window or tab resides in its own process (documents that have the [same origin](https://html.spec.whatwg.org/#same-origin) or sites that have the [same site](https://html.spec.whatwg.org/#concept-site-same-site) typically share the same process). Using this API it may be possible to create a cross-site covert channel C where a site A on one tab first writes to the channel C after having manipulated the state of the CPU. Next a site B (that is not same site with site A) on another tab reads from the channel C by using this API to learn when the state of the CPU has changed. This process is repeated as long as the scripts run on both the sites A and B. > >This attack is in part mitigated by Rate-limiting change notifications. Implementers are advised to consider additional mitigations for long-running scripts. > >NOTE >The longer the scripts run the more information can be transmitted using the proposed cross-site covert channel. For example, if a user is on a video conferencing site and another long-running site that allows for more information to be transferred compared to regular browsing scenario. -- GitHub Notification of comment by anssiko Please view or discuss this issue at https://github.com/w3c/compute-pressure/issues/197#issuecomment-1576447660 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 5 June 2023 09:25:35 UTC