UC San Diego

When software is designed, even with security in mind, assumptions are made about the details of hardware behavior. Unfortunately, the correctness of such assumptions can be critical to the desired security properties. In this dissertation we first demonstrate how incorrect assumptions about the hardware abstraction lead to side-channels that threaten modern software security, and second we propose a principled method of timing channel defense for modern web browsers.

We show how performance variations in floating-point math instructions enable the first demonstrated instruction-data timing side-channel on commodity hardware. We use this side-channel in two case studies to prove its viability. First, we redesign a previous attack on an older version of the Firefox web browser to violate the Same Origin Policy. Second, we break the guarantees of a differentially private database designed to resist timing attacks. We show how the timing side-channel arises from hardware optimization decisions that have been well understood in the architecture, numerical analysis, and game-engine communities, but largely ignored in security.

Using a detailed measurement and analysis of floating-point performance, we examine the progress and potential of defenses against floating-point timing side-channels. We find that all deployed defensive schemes for desktop web browsers were insufficient, and most are still vulnerable. Using the same analysis methods, we show how a proposed defensive scheme makes incorrect assumptions about the hardware features it leverages, negating its guarantees.

As a possible remediation to the problem of floating-point timing side-channels, we present libfixedtimefixedpoint as an alternative to floating-point. It provides a fixed-point implementation of most available floating-point operations and is designed to run in constant time regardless of the input values.

Finally, we discuss structural problems in modern web browser design that make them amenable to all timing attacks. Adapting solutions from parallel problems solved by early trusted operating systems projects, we propose a modified browser architecture providing a provable defensive guarantee against all timing attacks. We then demonstrate the viability of this scheme by prototyping aspects of the architecture in a modified web browser.