Fingerprinting And CPU Attack and Defense Exploration from browser Scripts – FACADES

Along with releases of new web standards in browsers (WebAssembly, WebGPU, WebUSB, etc.), more and more features of connected devices are directly usable from the web. While these specifications hold great promise from a performance perspective, they keep raising significant security concerns. In this project, we aim to analyze the security implications of new features that provide direct or indirect access to low-level hardware features. Building on our previous research, we will (1) investigate the impact of directly mounting native side-channel attacks from the web, (2) develop new methods to efficiently port attacks to browsers to facilitate a faster risk assessment for novel attacks, (3) explore how side-channel attacks can leak secrets or enable user tracking via hardware fingerprints, and (4) lay the foundations for secure low-level web standards by exploring the effectiveness of existing and novel countermeasures (eg. sandboxing) through the lens of hardware/software contracts.