Mitigate Speculative Side-Channel Attack Techniques

kevopa
Moongazer
Posts: 8
Joined: Thu, 06 Jul 2017, 10:59

Mitigate Speculative Side-Channel Attack Techniques

Post by kevopa » Thu, 04 Jan 2018, 15:23

Chrome and Firefox are removing SharedArrayBuffer and limiting the precision of performance.now() to reduce the effect of Meltdown/Spectre:

https://www.chromium.org/Home/chromium-security/ssca
https://blog.mozilla.org/security/2018/ ... ng-attack/

Resources on Meltdown/Spectre:
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pdf
https://googleprojectzero.blogspot.com/ ... -side.html
https://cyber.wtf/2017/07/28/negative-r ... user-mode/

Can the same mitigations be implemented in Pale Moon?

[DarKwiN]
Newbie
Posts: 5
Joined: Wed, 30 Aug 2017, 08:34

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by [DarKwiN] » Thu, 04 Jan 2018, 16:02

And how about first party isolation, too (just in case it isn't already there, or isn't impossible to integrate in PM)?
Thank you!

JustOff
Localization Coordinator
Posts: 1579
Joined: Thu, 03 Sep 2015, 19:47
Location: UA

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by JustOff » Thu, 04 Jan 2018, 16:03

As far as I understand, the SharedArrayBuffer implementation in Pale Moon is incomplete, so it is not enabled at all. As for performance.now(), it currently has 10µs resolution, but this can easily be reduced, as is going to be done in other browsers.
Here are the add-ons I made in my spare time. That was fun!
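An added example (not Pale Moon or Mozilla code) of the timer-coarsening mitigation discussed above: a wrapper that floors any high-resolution clock to a fixed resolution, plus a check of which duration differences remain visible after the clamp. The resolution and duration values are constructed for illustration.

```javascript
// Timer coarsening as a Spectre-style side-channel mitigation (added example,
// not browser code). All values are in milliseconds, like performance.now().

// Round a timestamp down to a multiple of `resolutionMs`.
// Arithmetic is done in integer microseconds to avoid floating-point drift.
function coarsen(timestampMs, resolutionMs) {
  if (!(resolutionMs > 0)) throw new RangeError("resolution must be positive");
  const us = Math.floor(timestampMs * 1000);
  const resUs = Math.round(resolutionMs * 1000);
  return (us - (us % resUs)) / 1000;
}

// Wrap a raw clock function (e.g. performance.now) in a coarse clock.
function makeCoarseClock(rawNow, resolutionMs) {
  return () => coarsen(rawNow(), resolutionMs);
}

// Duration a page would observe between two raw timestamps when it can only
// read the coarsened clock.
function observedDuration(rawStartMs, rawEndMs, resolutionMs) {
  return coarsen(rawEndMs, resolutionMs) - coarsen(rawStartMs, resolutionMs);
}

// Can two operations with the given raw durations be told apart by a page
// that measures both from an aligned clock tick? (constructed model: no jitter)
function distinguishable(durationA, durationB, resolutionMs) {
  return observedDuration(0, durationA, resolutionMs) !==
         observedDuration(0, durationB, resolutionMs);
}

// Constructed demo: 1.5µs vs 4.5µs operations are separable with a 1µs clock
// but collapse to the same reading once the clock is clamped to 20µs.
const fineClock = makeCoarseClock(() => 12.3456789, 0.001);
console.log(fineClock());                                // 12.345
console.log(distinguishable(0.0015, 0.0045, 0.001));     // true
console.log(distinguishable(0.0015, 0.0045, 0.02));      // false
```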

dark_moon

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by dark_moon » Thu, 04 Jan 2018, 17:20

Removing SharedArrayBuffer, limiting the precision of performance.now(), and first-party isolation are important and need fast implementation.

palemon
Moongazer
Posts: 12
Joined: Sun, 16 Oct 2016, 07:48
Location: Germany

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by palemon » Sat, 06 Jan 2018, 14:22

Any update on this?

Nigaikaze
Keeps coming back
Posts: 855
Joined: Sun, 02 Feb 2014, 22:15
Location: Chicago, IL, USA

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by Nigaikaze » Sat, 06 Jan 2018, 21:12

palemon wrote: Any update on this?

Yeah, according to yesterday's announcement:

viewtopic.php?f=1&p=131437#p131437

HaroldA
New to the forum
Posts: 1
Joined: Mon, 08 Jan 2018, 21:33

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by HaroldA » Mon, 08 Jan 2018, 21:50

Per the abstract of Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript:
Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users' secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable.

We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

3 of the 4 authors of the above paper are also authors of the Meltdown and Spectre papers, the first two of the "Resources on Meltdown/Spectre:" listed by kevopa in the opening comment of this topic.

- Harold

tcaud
New to the forum
Posts: 1
Joined: Mon, 15 Jan 2018, 19:10

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by tcaud » Mon, 15 Jan 2018, 19:19

Some years ago canvas tainting was implemented for no other reason than the fact that performance.now could be used to measure the screen draw time and thus could be used to infer the numbers on a virtual bank card. I suggested to Moz staff then that they scrap performance.now or at least decrease its resolution. They resisted because Google. Now we see that it's a liability yet again. Realistically I can't think of a single average consumer necessity for performance.now.

Since 57.0.4, Firefox Quantum has been crash happy like never before. Mozilla says the entire patch was dedicated to nothing but Spectre and Meltdown.

You may be asking why I'm using Quantum instead of Pale Moon. That's because in latest version of Pale Moon, Facebook and numerous other sites are acting up.

lefty
Moongazer
Posts: 9
Joined: Fri, 24 Mar 2017, 15:57

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by lefty » Tue, 16 Jan 2018, 18:16

HaroldA wrote: Per the abstract of Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript:
Research showed that microarchitectural attacks like cache attacks can be performed through websites using JavaScript. These timing attacks allow an adversary to spy on users' secrets such as their keystrokes, leveraging fine-grained timers. However, the W3C and browser vendors responded to this significant threat by eliminating fine-grained timers from JavaScript. This renders previous high-resolution microarchitectural attacks non-applicable.

We demonstrate the inefficacy of this mitigation by finding and evaluating a wide range of new sources of timing information. We develop measurement methods that exceed the resolution of official timing sources by 3 to 4 orders of magnitude on all major browsers, and even more on Tor browser. Our timing measurements do not only re-enable previous attacks to their full extent but also allow implementing new attacks. We demonstrate a new DRAM-based covert channel between a website and an unprivileged app in a virtual machine without network hardware. Our results emphasize that quick-fix mitigations can establish a dangerous false sense of security.

3 of the 4 authors of the above paper are also authors of the Meltdown and Spectre papers, the first two of the "Resources on Meltdown/Spectre:" listed by kevopa in the opening comment of this topic.

- Harold

So then, since Pale Moon relies on making the timer less accurate to defeat Meltdown/Spectre, does that mean it's still open to attacks?

Moonchild
Pale Moon guru
Posts: 22427
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by Moonchild » Tue, 16 Jan 2018, 19:18

lefty wrote: So then, since Pale Moon relies on making the timer less accurate to defeat Meltdown/Spectre, does that mean it's still open to attacks?

No, it isn't, and it hasn't been.
If you still need to ask this question at this point then I suggest you go back and read everything once more that has been posted on the matter.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

dark_moon

Re: Mitigate Speculative Side-Channel Attack Techniques

Post by dark_moon » Thu, 18 Jan 2018, 19:32

Did you guys already find this great tool?
https://www.grc.com/inspectre.htm
