Conference paper Open Access

Practical Memory Deduplication Attacks in Sandboxed Javascript

Gruss, Daniel; Bidner, David; Mangard, Stefan


DCAT Export

<?xml version='1.0' encoding='utf-8'?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:adms="http://www.w3.org/ns/adms#" xmlns:cnt="http://www.w3.org/2011/content#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dct="http://purl.org/dc/terms/" xmlns:dctype="http://purl.org/dc/dcmitype/" xmlns:dcat="http://www.w3.org/ns/dcat#" xmlns:duv="http://www.w3.org/ns/duv#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:frapo="http://purl.org/cerif/frapo/" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:gsp="http://www.opengis.net/ont/geosparql#" xmlns:locn="http://www.w3.org/ns/locn#" xmlns:org="http://www.w3.org/ns/org#" xmlns:owl="http://www.w3.org/2002/07/owl#" xmlns:prov="http://www.w3.org/ns/prov#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:schema="http://schema.org/" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:vcard="http://www.w3.org/2006/vcard/ns#" xmlns:wdrs="http://www.w3.org/2007/05/powder-s#">
  <rdf:Description rdf:about="https://doi.org/10.5281/zenodo.55453">
    <rdf:type rdf:resource="http://www.w3.org/ns/dcat#Dataset"/>
    <dct:type rdf:resource="http://purl.org/dc/dcmitype/Text"/>
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://doi.org/10.5281/zenodo.55453</dct:identifier>
    <foaf:page rdf:resource="https://doi.org/10.5281/zenodo.55453"/>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Gruss, Daniel</foaf:name>
        <foaf:givenName>Daniel</foaf:givenName>
        <foaf:familyName>Gruss</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Graz</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Bidner, David</foaf:name>
        <foaf:givenName>David</foaf:givenName>
        <foaf:familyName>Bidner</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Graz</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Mangard, Stefan</foaf:name>
        <foaf:givenName>Stefan</foaf:givenName>
        <foaf:familyName>Mangard</foaf:familyName>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>TU Graz</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:title>Practical Memory Deduplication Attacks in Sandboxed Javascript</dct:title>
    <dct:publisher>
      <foaf:Agent>
        <foaf:name>Zenodo</foaf:name>
      </foaf:Agent>
    </dct:publisher>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#gYear">2015</dct:issued>
    <dcat:keyword>Memory deduplication, Side-channel attack, Javascript-based attack, Website fingerprinting</dcat:keyword>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#date">2015-09-21</dct:issued>
    <owl:sameAs rdf:resource="https://zenodo.org/record/55453"/>
    <adms:identifier>
      <adms:Identifier>
        <skos:notation rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://zenodo.org/record/55453</skos:notation>
      </adms:Identifier>
    </adms:identifier>
    <dct:isPartOf rdf:resource="http://issn.org/resource/ISSN/0302-9743"/>
    <dct:isPartOf rdf:resource="https://doi.org/10.1007/978-3-319-24174-6_6"/>
    <dct:isPartOf rdf:resource="https://zenodo.org/communities/hector"/>
    <dct:description>&lt;p&gt;Page deduplication is a mechanism to reduce the memory footprint of a system. Identical physical pages are identified across borders of virtual machines and programs and merged by the operating system or the hypervisor. However, this enables side-channel information leakage through cache or memory access time. Therefore, it is considered harmful in public clouds today, but it is still considered safe to use in a private environment, i.e., private clouds, personal computers, and smartphones.&lt;/p&gt; &lt;p&gt;We present the first memory-disclosure attack in sandboxed Javascript which exploits page deduplication. Unlike previous attacks, our attack does not require the victim to execute an adversary’s program, but simply to open a website which contains the adversary’s Javascript code. We are not only able to determine which applications are running, but also specific user activities, for instance, whether the user has specific websites currently opened. The attack works on servers, personal computers and smartphones, and across the borders of virtual machines.&lt;/p&gt;</dct:description>
    <dct:description xml:lang="">H2020 644052 / HECTOR</dct:description>
    <dct:accessRights rdf:resource="http://publications.europa.eu/resource/authority/access-right/PUBLIC"/>
    <dct:accessRights>
      <dct:RightsStatement rdf:about="info:eu-repo/semantics/openAccess">
        <rdfs:label>Open Access</rdfs:label>
      </dct:RightsStatement>
    </dct:accessRights>
    <dcat:distribution>
      <dcat:Distribution>
        <dct:rights>
          <dct:RightsStatement rdf:about="https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode">
            <rdfs:label>Creative Commons Attribution Non Commercial Share Alike 4.0 International</rdfs:label>
          </dct:RightsStatement>
        </dct:rights>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.55453"/>
      </dcat:Distribution>
    </dcat:distribution>
  </rdf:Description>
</rdf:RDF>
21
34
views
downloads
All versions This version
Views 2121
Downloads 3434
Data volume 48.6 MB48.6 MB
Unique views 2121
Unique downloads 3232

Share

Cite as