Mitigate Speculative Side-Channel Attack Techniques

kevopa
Moongazer
Posts: 8
Joined: 2017-07-06, 10:59

Mitigate Speculative Side-Channel Attack Techniques

Unread post by kevopa » 2018-01-04, 15:23

Chrome and Firefox are removing SharedArrayBuffer and limiting the precision of performance.now() to reduce the effect of Meltdown/Spectre:

https://www.chromium.org/Home/chromium-security/ssca
https://blog.mozilla.org/security/2018/ ... ng-attack/

Resources on Meltdown/Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pdf
https://googleprojectzero.blogspot.com/ ... -side.html
https://cyber.wtf/2017/07/28/negative-r ... user-mode/

Can the same mitigations be implemented in Pale Moon?

[DarKwiN]
Newbie
Posts: 5
Joined: 2017-08-30, 08:34

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by [DarKwiN] » 2018-01-04, 16:02

And how about first party isolation, too (just in case it isn't already there, or isn't impossible to integrate in PM)?
Thank you!

JustOff
Localization Coordinator
Posts: 1759
Joined: 2015-09-03, 19:47
Location: UA
Contact:

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by JustOff » 2018-01-04, 16:03

As far as I understand, the SharedArrayBuffer implementation in Pale Moon is incomplete, so it is not enabled at all. As for performance.now(), currently it has 10µs resolution, but this can easily be reduced, as is going to be done in other browsers.
Here are the add-ons I made in my spare time. That was fun!
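To make the mitigation JustOff describes concrete, here is an added example (not Pale Moon code): a clock wrapper that clamps timestamps to a chosen resolution, and a probe that measures the granularity a clock actually exposes, which is how one would check that the clamp is in effect. The 10 µs figure is the one quoted above; the fake 1 µs clock used at the bottom is constructed for the demonstration.

```javascript
// Round a millisecond timestamp down to a multiple of `resolutionMs`.
// 0.01 ms is the 10 µs resolution quoted in this thread; the mitigation
// discussed here lowers the resolution further (a larger `resolutionMs`).
function clampTimestamp(ms, resolutionMs) {
  return Math.floor(ms / resolutionMs) * resolutionMs;
}

// Wrap any millisecond clock so callers only ever see clamped values.
function makeClampedClock(rawNow, resolutionMs) {
  return () => clampTimestamp(rawNow(), resolutionMs);
}

// Estimate a clock's granularity: read it repeatedly and keep the smallest
// strictly positive difference between successive readings. A correctly
// clamped clock never reports a positive delta below its resolution.
function measureResolution(now, samples = 100000) {
  let minDelta = Infinity;
  let prev = now();
  for (let i = 0; i < samples; i++) {
    const cur = now();
    const d = cur - prev;
    if (d > 0 && d < minDelta) minDelta = d;
    prev = cur;
  }
  return minDelta;
}

// Constructed fake clock (not a real timer): advances 1 µs per read, so the
// unclamped and clamped resolutions can be compared deterministically.
function makeFakeMicrosecondClock() {
  let t = 0;
  return () => { t += 0.001; return t; };
}

// Stand-alone demonstration: raw 1 µs clock vs. the same clock clamped to 20 µs.
const rawClock = makeFakeMicrosecondClock();
const clampedClock = makeClampedClock(makeFakeMicrosecondClock(), 0.02);
console.log("raw resolution (ms):", measureResolution(rawClock, 1000));
console.log("clamped resolution (ms):", measureResolution(clampedClock, 1000));
```

Running `measureResolution(performance.now.bind(performance))` in a browser console is the corresponding check against the real timer.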

dark_moon

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by dark_moon » 2018-01-04, 17:20

Removing SharedArrayBuffer, limiting the precision of performance.now() and first party isolation are important stuff and need fast implementation.

palemon
Moongazer
Posts: 14
Joined: 2016-10-16, 07:48
Location: Germany

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by palemon » 2018-01-06, 14:22

Any update on this?

Nigaikaze
Board Warrior
Posts: 1072
Joined: 2014-02-02, 22:15
Location: Chicago, IL, USA

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by Nigaikaze » 2018-01-06, 21:12

palemon wrote:Any update on this?
Yeah, according to yesterday's announcement:

https://forum.palemoon.org/viewtopic.ph ... 37#p131437
Nichi nichi kore ko jitsu = Every day is a good day.

HaroldA
New to the forum
Posts: 1
Joined: 2018-01-08, 21:33

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by HaroldA » 2018-01-08, 21:50

Per the abstract of Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript:
Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users' secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable.

We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.
3 of the 4 authors of the above paper are also authors of the Meltdown and Spectre papers, the first two of the "Resources on Meltdown/Spectre:" listed by kevopa in the opening comment of this topic.

- Harold

tcaud
Moongazer
Posts: 7
Joined: 2018-01-15, 19:10

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by tcaud » 2018-01-15, 19:19

Some years ago canvas tainting was implemented for no other reason than the fact that performance.now could be used to measure the screen draw time and thus could be used to infer the numbers on a virtual bank card. I suggested to Moz staff then that they scrap performance.now or at least decrease its resolution. They resisted because Google. Now we see that it's a liability yet again. Realistically I can't think of a single average consumer necessity for performance.now.

Since 57.0.4, Firefox Quantum has been crash happy like never before. Mozilla says the entire patch was dedicated to nothing but Spectre and Meltdown.

You may be asking why I'm using Quantum instead of Pale Moon. That's because in the latest version of Pale Moon, Facebook and numerous other sites are acting up.

lefty
Moongazer
Posts: 9
Joined: 2017-03-24, 15:57

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by lefty » 2018-01-16, 18:16

HaroldA wrote:Per the abstract of Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript:
Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users' secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable.

We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.
3 of the 4 authors of the above paper are also authors of the Meltdown and Spectre papers, the first two of the "Resources on Meltdown/Spectre:" listed by kevopa in the opening comment of this topic.

- Harold
So then, since Pale Moon relies on making the timer less accurate to defeat Meltdown/Spectre, does that mean it's still open to attacks?

Moonchild
Pale Moon guru
Posts: 23640
Joined: 2011-08-28, 17:27
Location: 58°2'16"N 14°58'31"E
Contact:

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by Moonchild » 2018-01-16, 19:18

lefty wrote:So then, since Pale Moon relies on making the timer less accurate to defeat Meltdown/Spectre, does that mean it's still open to attacks?
No, it isn't, and it hasn't been.
If you still need to ask this question at this point then I suggest you go back and read everything once more that has been posted on the matter.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne
"I'm afraid you have me mistaken for someone who can be shamed by a child." -- Quillspawn

dark_moon

Re: Mitigate Speculative Side-Channel Attack Techniques

Unread post by dark_moon » 2018-01-18, 19:32

Did you guys already find this great tool?
https://www.grc.com/inspectre.htm
