Re: [compute-pressure] Feature can be abused to create cross-site covert channels (#197)

As discussed in the context of #216 I'd recommend incorporating this proposed cross-site covert channel attack into the Types of privacy and security threats section to ensure this is carefully considered and mitigations improved as appropriate.

@pes10k, PTAL this strawman proposal inspired by your contribution and provide feedback and suggestions for further improvements:

> Cross-site covert channel
>
>In computer security a covert channel creates a capability to transfer information between processes that are not supposed to be allowed to communicate. In modern multi-process web engines in the generic case each window or tab resides in its own process (documents that have the [same origin](https://html.spec.whatwg.org/#same-origin) or sites that have the [same site](https://html.spec.whatwg.org/#concept-site-same-site) typically share the same process). Using this API it may be possible to create a cross-site covert channel C where a site A on one tab first writes to the channel C after having manipulated the state of the CPU. Next a site B (that is not same site with site A) on another tab reads from the channel C by using this API to learn when the state of the CPU has changed. This process is repeated as long as the scripts run on both the sites A and B.
>
>This attack is in part mitigated by Rate-limiting change notifications. Implementers are advised to consider additional mitigations for long-running scripts.
>
>NOTE
>The longer the scripts run the more information can be transmitted using the proposed cross-site covert channel. For example, if a user is on a video conferencing site and another long-running site that allows for more information to be transferred compared to regular browsing scenario.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at https://github.com/w3c/compute-pressure/issues/197#issuecomment-1576447660 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 5 June 2023 09:25:35 UTC