- From: Ralph Thomas <ralpht@gmail.com>
- Date: Sun, 4 Dec 2011 10:51:34 -0800
- To: "Tab Atkins Jr." <jackalmage@gmail.com>
- Cc: Rik Cabanier <cabanier@gmail.com>, Adam Barth <w3c@adambarth.com>, public-fx@w3.org, Dean Jackson <dino@apple.com>, Vincent Hardy <vhardy@adobe.com>, Thomas Roessler <tlr@w3.org>
Would it be possible to disable CSS shaders on a page which uses them
and takes too long to composite? The goal of CSS shaders is visually
rich _interactive_ experiences, so you could probably make the threshold
low enough (100ms?) that timing attacks would be much harder --
especially if rAF is rounded to the vblank interval... Depending on
where rendering takes place, the attacker might still have one full
iteration of the slow shader to measure though.

You might also want this feature so that folks using low-end GPUs don't
get non-responsive pages where very complex shaders are employed --
better to have a plain responsive page than a beautiful but unresponsive
one.

Ralph

On Sun, Dec 4, 2011 at 10:16 AM, Tab Atkins Jr. <jackalmage@gmail.com> wrote:
> On Sun, Dec 4, 2011 at 10:04 AM, Rik Cabanier <cabanier@gmail.com> wrote:
>> Hi Adam,
>>
>> I don't know much about timing attacks so I have a question.
>> Since the browser directs the GPU to run the shaders and composite their
>> output, the end result is invisible to the attacker since there is no
>> mechanism to get this bitmap data back.
>> The shaders also have no means to communicate through script since they can
>> only manipulate pixels.
>>
>> In this scenario, how would information ever leak?
>> WebGL is different since you have access to the entire OpenGL stack which
>> allows you to do more complex operations such as reading back data.
>
> The information is read back through the "timing channel", thus the
> name. This is done by making an operation take more or less time
> based on the information you want to extract, so you can read data out
> just by watching how long an operation took to complete, even if the
> language doesn't offer any way to get the data out normally.
> http://en.wikipedia.org/wiki/Timing_attack
>
> ~TJ
>
Received on Sunday, 4 December 2011 18:52:03 UTC
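
Added example, not part of the original message and not browser code: a small simulation of the mitigation proposed above, a compositing-time watchdog that turns shaders off after an over-budget frame, combined with rAF timestamps rounded up to the vblank. All function and constant names are hypothetical; the 60 Hz refresh rate, the 2 ms shader-free composite cost and the per-frame costs are constructed assumptions.

```javascript
// Added illustration; every name here is hypothetical, not a browser API.
const VBLANK_US = 16667;   // assumed 60 Hz display, in microseconds
const BUDGET_US = 100000;  // the 100 ms threshold floated in the message
const PLAIN_US = 2000;     // assumed cost of compositing without shaders

// A rAF callback only fires on a vblank, so round up to the next boundary.
function quantizeToVblank(tUs) {
  return Math.ceil(tUs / VBLANK_US) * VBLANK_US;
}

// shaderCostsUs[i] is the true composite time of frame i with shaders on.
// Returns what script on the page could observe for each frame.
function simulate(shaderCostsUs) {
  let clock = 0;
  let shadersEnabled = true;
  const frames = [];
  for (const cost of shaderCostsUs) {
    const spent = shadersEnabled ? cost : PLAIN_US;
    clock = quantizeToVblank(clock + spent);
    frames.push({ rafTimeUs: clock, shaded: shadersEnabled });
    // Watchdog: one over-budget frame turns shaders off for the page.
    if (shadersEnabled && cost > BUDGET_US) shadersEnabled = false;
  }
  return frames;
}

// Frame-to-frame deltas, i.e. the only timing signal left to the page.
function observedDeltas(frames) {
  return frames.map((f, i) => f.rafTimeUs - (i ? frames[i - 1].rafTimeUs : 0));
}

// Constructed inputs: two cheap shaders of different cost, then a run of
// frames that would each take 150 ms with the shader enabled.
const cheap = observedDeltas(simulate([3000, 9000]));
const slow = observedDeltas(simulate([3000, 4000, 150000, 150000, 150000]));
console.log(cheap);
console.log(slow);
```

In the second run only one delta exceeds a single vblank, which is the "one full iteration of the slow shader" the message says may remain measurable; the 3 ms and 9 ms shaders in the first run produce identical deltas.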