Fingerprinting And CPU Attack and Defense Exploration from browser Scripts – FACADES
Along with releases of new web standards in browsers (WebAssembly, WebGPU, WebUSB, etc.), more and more features of connected devices are directly usable from the web. While these specifications hold great promise from a performance perspective, they keep raising significant security concerns. In this project, we aim to analyze the security implications of new features that provide direct or indirect access to low-level hardware features. Building on our previous research, we will (1) investigate the impact of directly mounting native side-channel attacks from the web, (2) develop new methods to efficiently port attacks to browsers to facilitate a faster risk assessment for novel attacks, (3) explore how side-channel attacks can leak secrets or enable user tracking via hardware fingerprints, and (4) lay the foundations for secure low-level web standards by exploring the effectiveness of existing and novel countermeasures (eg. sandboxing) through the lens of hardware/software contracts.
Monsieur Pierre Laperdrix (Centre de Recherche en Informatique, Signal et Automatique de Lille)
The author of this summary is the project coordinator, who is responsible for the content of this summary. The ANR declines any responsibility as for its contents.
CRISTAL Centre de Recherche en Informatique, Signal et Automatique de Lille
CISPA CISPA Helmholtz Center for Information Security
Saarland University Saarland University / Research lab
Help of the ANR 851,881 euros
Beginning and duration of the scientific project: August 2022 - 36 Months