Title:

Cache Side Channels in Language Runtimes: Attacks and Mitigations

 

Abstract:

Cache side-channel attacks have proven to be a significant threat to applications that process sensitive information, such as cryptographic keys or personal images. Cache side channels and their mitigations have been widely studied in the context of native applications. However, less attention has been paid to side-channel leakages in modern applications that are written in programming languages such as JavaScript and Python, which execute within managed language runtimes. In this presentation, we explore how language runtimes affect an application’s susceptibility to cache side-channel attacks and present how distinct execution steps can be leveraged to exploit applications written in JavaScript or Python. Furthermore, we present an approach to mitigate cache side-channel leakages in language runtimes by leveraging runtime information of executing programs.

 

Speaker:

Kjell Dankert

University of British Columbia