Re: [compute-pressure] Feature can be abused to create cross-site covert channels (#197)

As discussed in the context of #216, I'd recommend incorporating this proposed cross-site covert channel attack into the Types of privacy and security threats section to ensure this is carefully considered and mitigations improved as appropriate.

@pes10k, PTAL this strawman proposal inspired by your contribution and provide feedback and suggestions for further improvements:

> Cross-site covert channel
> In computer security, a covert channel creates a capability to transfer information between processes that are not supposed to be allowed to communicate. In modern multi-process web engines, in the generic case, each window or tab resides in its own process (documents that have the same origin or sites that have the same site typically share the same process). Using this API, it may be possible to create a cross-site covert channel C where a site A on one tab first writes to the channel C after having manipulated the state of the CPU. Next, a site B (that is not same site with site A) on another tab reads from the channel C by using this API to learn when the state of the CPU has changed. This process is repeated as long as the scripts run on both the sites A and B.
> This attack is in part mitigated by Rate-limiting change notifications. Implementers are advised to consider additional mitigations for long-running scripts.
> The longer the scripts run, the more information can be transmitted using the proposed cross-site covert channel. For example, if a user is on a video conferencing site and another long-running site, that allows for more information to be transferred compared to a regular browsing scenario.

GitHub Notification of comment by anssiko

Received on Monday, 5 June 2023 09:25:35 UTC