PhD Proposal by Jason Kim
Title: Towards Hardening Web Browsers Against Microarchitectural Side-channel Threats
(This proposal has been rescheduled from its original date of March 10. Please refer to the updated information below.)
Date: Monday, March 24, 2025
Time: 9:00 AM – 10:00 AM ET
Location (Hybrid):
- Coda C0915 Atlantic
- https://gatech.zoom.us/j/97716761119?pwd=EbQbAJZBCjeMGzXza3YUCrxFvmtJUw.1
- (Zoom Meeting ID: 977 1676 1119, Passcode: 181639)
Jason Kim
CS Ph.D. Student
School of Cybersecurity and Privacy
College of Computing
Georgia Institute of Technology
Committee:
- Dr. Daniel Genkin (Advisor) - School of Cybersecurity and Privacy, Georgia Institute of Technology
- Dr. Taesoo Kim - School of Cybersecurity and Privacy, Georgia Institute of Technology
- Dr. Saman Zonouz - School of Cybersecurity and Privacy, Georgia Institute of Technology
Abstract:
Improving the performance of modern CPUs faces challenges in frequency, power consumption, and memory systems whose performance has improved considerably more slowly than that of the processor core. In response, architects have devised complex caching, prediction, and prefetching mechanisms, and have implemented deep speculative and out-of-order execution in the pipeline to build more performant CPUs despite these limitations. In turn, the resulting CPUs have paved the way for an ecosystem of high-performance web applications, leading to users 'living in the browser' for several hours each day. Consequently, browsers have become a central store for secrets, such as passwords and payment information. To address this, browsers employ extensive sandboxes for code served from webpages, enforcing that one page cannot read another's data.
Despite sandboxing, secrets in browsers are unfortunately susceptible to side-channel attacks, because mutually distrusting domains execute on the same underlying hardware. For modern CPUs in particular, the risk of microarchitectural side channels is exacerbated because they can share caching, prediction, and prefetching state across such domains, causing performance optimizations to backfire and inadvertently become attack vectors. Although these vectors are constantly emerging, they are largely unknown to browser developers because microarchitecture is invisible to software and proprietary to each CPU vendor. Therefore, in this proposal, we aim to understand the adverse effects of microarchitecture on browser security.
To that aim, we discuss works that reveal two new microarchitectural predictors in the wild. These predictors, present in recent Apple CPUs, speculate past data dependencies on loads to improve instruction-level parallelism. Although we observe constraints in their prediction capabilities, we demonstrate that mispredictions lead to exploitable memory safety violations in the Chrome and Safari browsers by remote adversaries serving a malicious webpage. Furthermore, we discuss work that reveals the shortcomings of browser countermeasures to speculative execution attacks, despite five years of mitigation efforts. We demonstrate corner cases where browsers do not apply process isolation, and we show that the commonly deployed countermeasure of timer degradation is fundamentally flawed due to race conditions, resulting in timer-free attack primitives. Overall, these works highlight that more principled defenses are needed to secure browsers from microarchitectural side channels.
- Workflow Status: Published
- Created By: Tatianna Richardson
- Created: 03/03/2025
- Modified By: Tatianna Richardson
- Modified: 03/13/2025