Re: Documenting Timing Attacks in Rendering Engines

On Fri, Dec 9, 2011 at 3:44 PM, Vincent Hardy <vhardy@adobe.com> wrote:
> For the record, here are the points we presented the FX group during the
> last face to face:
>
> - Timing attacks rely on inferring rendered content from the time it takes
> to render it
> - Timing attacks were a demonstrated attack in WebGL
> - There are differences between CSS shaders and WebGL (different timing
> mechanisms)
> - Possible solutions:
>      - CORS
>      - Mandate that UAs do not give out information on rendered content from
> timing (obfuscate the requestAnimationFrame method)
> ========
>
> We decided to explore CORS at this time,

This doesn't make sense.  Cross-origin content is *one* information
leak from shaders.  There are many more that Adam Barth has pointed
out, such as :visited status, the user's spellchecking dictionary, the
user's filesystem structure through the display of <input type=file>
in some browsers, etc.  These latter have nothing to do with CORS.

~TJ
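As an added illustration of the mechanism in Vincent's first bullet (this is not code from the thread or from any browser; the render-cost numbers, jitter and the "calibration element" the attacker controls are all constructed assumptions), the following simulation models a frame whose render time depends on one secret bit, such as whether a link is :visited, and an attacker who only sees requestAnimationFrame-style timestamps. It also exercises the "obfuscate requestAnimationFrame" idea: the timestamps can be coarsened to any resolution, and the attacker recovers the bit anyway by averaging the frame-to-frame deltas across many frames, because the rounding error on a cumulative clock is bounded by one tick regardless of how many frames are measured.

```javascript
// Added example, not part of the original thread. Deterministic simulation of a
// rendering timing side channel: a frame's cost depends on a secret bit the page
// should not be able to read (e.g. :visited state), and the attacker sees only
// frame timestamps, optionally rounded down to a coarse resolution the way an
// "obfuscated" requestAnimationFrame might report them. All numbers are
// constructed for illustration, not measured from any real engine.

// Small seeded PRNG (xorshift32) so every run is reproducible.
function makeRng(seed) {
  let s = seed >>> 0; // assumption: seed is non-zero
  return function next() {
    s ^= s << 13; s >>>= 0;
    s ^= s >>> 17;
    s ^= s << 5; s >>>= 0;
    return s / 0x100000000; // uniform in [0, 1)
  };
}

// Hypothetical render-cost model, in microseconds. The slow path applies when
// the secret bit is 1 (e.g. a shader doing more work on the "visited" colour).
// Jitter models scheduling noise that is independent of the secret.
const BASE_US = 16000;   // roughly one 60 Hz frame
const DELTA_US = 400;    // extra cost when secret === 1
const JITTER_US = 1500;  // +/- uniform noise

function renderCostUs(secret, rng) {
  const jitter = (rng() - 0.5) * 2 * JITTER_US;
  return BASE_US + (secret ? DELTA_US : 0) + jitter;
}

// Attacker's clock: virtual time rounded down to `resolutionUs`.
// resolution 1 = precise timestamps; 1000 = millisecond granularity; 16000 =
// whole-frame granularity.
function coarsen(tUs, resolutionUs) {
  return Math.floor(tUs / resolutionUs) * resolutionUs;
}

// Simulate `frames` consecutive rAF callbacks and return the mean of the
// frame-to-frame deltas as the attacker observes them. Because the clock is
// cumulative, the total rounding error is at most one tick, so the error in
// the mean shrinks as resolutionUs / frames.
function measureMeanFrameUs(secret, frames, resolutionUs, rng) {
  let t = 0;
  let prevSeen = coarsen(t, resolutionUs);
  let sum = 0;
  for (let i = 0; i < frames; i++) {
    t += renderCostUs(secret, rng);
    const seen = coarsen(t, resolutionUs);
    sum += seen - prevSeen;
    prevSeen = seen;
  }
  return sum / frames;
}

// Infer the secret by comparing the target's mean frame time with two
// calibration measurements on elements whose state the attacker knows
// (assumption: the attacker can create such reference elements, e.g. a link
// to a never-visited random URL and one it just navigated the user to).
function inferSecret(targetSecret, frames, resolutionUs, seed) {
  const rng = makeRng(seed);
  const ref0 = measureMeanFrameUs(0, frames, resolutionUs, rng);
  const ref1 = measureMeanFrameUs(1, frames, resolutionUs, rng);
  const obs = measureMeanFrameUs(targetSecret, frames, resolutionUs, rng);
  return Math.abs(obs - ref1) < Math.abs(obs - ref0) ? 1 : 0;
}

// Run the attack against alternating secret values and return the fraction
// of trials that recovered the bit.
function successRate(frames, resolutionUs, trials) {
  let ok = 0;
  for (let i = 0; i < trials; i++) {
    const secret = i % 2;
    if (inferSecret(secret, frames, resolutionUs, 1000 + i) === secret) ok++;
  }
  return ok / trials;
}

// Usage: one coarse (whole-frame) measurement is close to a coin flip, but
// averaging a few hundred frames recovers the bit even at 1 ms resolution.
console.log("1 frame,   16 ms clock:", successRate(1, 16000, 200));
console.log("200 frames, 1 ms clock:", successRate(200, 1000, 20));
```

The takeaway for the "obfuscate requestAnimationFrame" proposal is in the last two lines: coarsening the timestamps raises the number of frames the attacker needs, but under this model it does not remove the channel, whereas the jitter term is the only thing that actually hides the 400 us difference, and only until enough samples are averaged.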

Received on Friday, 9 December 2011 23:57:51 UTC