The web has become an essential part of our society and is currently the main medium information delivery. Billions users browse on a daily basis, there are single websites that have reached over one billion user accounts. In this environment, ability to track their online habits can be very lucrative for advertising companies, yet intrusive privacy users. paper, we examine how web-based device fingerprinting works Internet. By analyzing code three popular browser-fingerprinting providers,...

We introduce the key reinstallation attack. This attack abuses design or implementation flaws in cryptographic protocols to reinstall an already-in-use key. resets key's associated parameters such as transmit nonces and receive replay counters. Several types of Wi-Fi handshakes are affected by All protected networks use 4-way handshake generate a fresh session So far, this 14-year-old has remained free from attacks, is even proven secure. However, we show that vulnerable Here, adversary...

JavaScript is used by web developers to enhance the interactivity of their sites, offload work users' browsers and improve sites' responsiveness user-friendliness, making pages feel behave like traditional desktop applications. An important feature JavaScript, ability combine multiple libraries from local remote sources into same page, under namespace. While this enables creation more advanced applications, it also allows for a malicious provider steal data other scripts page itself. Today,...

In the modern web, browser has emerged as vehicle of choice, which users are to trust, customize, and use, access a wealth information online services. However, recent studies show that can also be used invisibly fingerprint user: practice may have serious privacy security implications.

Dynamic frequency and voltage scaling features have been introduced to manage ever-growing heat power consumption in modern processors. Design restrictions ensure are adjusted as a pair, based on the current load, because for each there is only certain range where processor can operate correctly. For this purpose, many processors (including widespread Intel Core series) expose privileged software interfaces dynamically regulate operating voltage.In paper, we demonstrate that these be...

We present several novel techniques to track (unassociated) mobile devices by abusing features of the Wi-Fi standard. This shows that using random MAC addresses, on its own, does not guarantee privacy. First, we show information elements in probe requests can be used fingerprint devices. then combine these fingerprints with incremental sequence numbers, create a tracking algorithm rely unique identifiers such as addresses. Based real-world datasets, demonstrate our correctly much 50% for at...

Meltdown and Spectre enable arbitrary data leakage from memory via various side channels. Short-term software mitigations for are only a temporary solution with significant performance overhead. Due to hardware fixes, these disabled on recent processors. In this paper, we show that Meltdown-like attacks still possible CPUs which not vulnerable Meltdown. We identify two behaviors of the store buffer, microarchitectural resource reduce latency stores, powerful attacks. The first behavior,...

The recent Spectre attack first showed how to inject incorrect branch targets into a victim domain by poisoning microarchitectural prediction history. In this paper, we generalize injection-based methodologies the memory hierarchy directly injecting incorrect, attacker-controlled values victim's transient execution. We propose Load Value Injection (LVI) as an innovative technique reversely exploit Meltdown-type data leakage. LVI abuses that faulting or assisted loads, executed legitimate...

A program is defined to be noninterferent if its outputs cannot influenced by inputs at a higher security level than their own. Various researchers have demonstrated how this property (or closely related properties) can achieved through information flow analysis, using either static analysis (with type system or otherwise), dynamic monitoring system. We propose an alternative approach, based on technique we call secure multi-execution. The main idea execute multiple times, once for each...

Many countermeasures exist that attempt to protect against buffer overflow attacks on applications written in C and C++. The most widely deployed rely artificially introducing randomness the memory image of application. StackGuard similar systems, for instance, will insert a random value before return address stack, Address Space Layout Randomization (ASLR) make location stack and/or heap less predictable an attacker.

Protected module architectures such as Intel SGX hold the promise of protecting sensitive computations from a potentially compromised operating system. Recent research convincingly demonstrated, however, that SGX's strengthened adversary model also gives rise to new class powerful, low-noise side-channel attacks leveraging first-rate control over hardware. These commonly rely on frequent enclave preemptions obtain fine-grained observations. A maximal temporal resolution is achieved when...

We show that low-layer attacks against Wi-Fi can be implemented using user-modifiable firmware. Hence cheap off-the-shelf dongles used carry out advanced attacks. demonstrate this by implementing five open source Atheros The first attack consists of unfair channel usage, giving the user a higher throughput while reducing others. second defeats countermeasures designed to prevent usage. third performs continuous jamming, making unusable for other devices. For fourth we selective jammer,...

Research on transient execution attacks including Spectre and Meltdown showed that exception or branch misprediction events might leave secret-dependent traces in the CPU's microarchitectural state. This observation led to a proliferation of new attack variants even more ad-hoc defenses (e.g., microcode software patches). Both industry academia are now focusing finding effective for known issues. However, we only have limited insight residual surface completeness proposed defenses. In this...

We present FlowFox, the first fully functional web browser that implements a precise and general information flow control mechanism for scripts based on technique of secure multi-execution. demonstrate how FlowFox subsumes many ad-hoc script containment countermeasures developed over last years. also show is compatible with current web, by investigating its behavior Alexa top-500 sites, which make intricate use JavaScript.

Typosquatting is the act of purposefully registering a domain name that mistype popular name.It concept has been known and studied for over 15 years, yet still thoroughly practiced up until this day.While previous typosquatting studies have always taken snapshot landscape or base their longitudinal results only on registration data, we present first contentbased, study typosquatting.We collected data about domains 500 most sites Internet every day, period seven months, use to establish...

A fully abstract compiler prevents security features of the source language from being bypassed by an attacker operating at target level. Unfortunately, developing compilers is very complex, and it even more so when untyped assembly language. To provide a that targets assembly, has been suggested to extend with protected module architecture—an assembly-level isolation mechanism which can be found in next-generation processors. This article provides compilation scheme whose object-oriented,...

This paper analyzes the vulnerability space arising in Trusted Execution Environments (TEEs) when interfacing a trusted enclave application with untrusted, potentially malicious code. Considerable research and industry effort has gone into developing TEE runtime libraries purpose of transparently shielding code from an adversarial environment. However, our analysis reveals that requirements are generally not well-understood real-world implementations. We expose several sanitization...