[webkit-dev] Timing attacks on CSS Shaders (was Re: Security problems with CSS shaders)

Adam Barth abarth at webkit.org
Sat Dec 3 23:06:51 PST 2011


On Mon, Oct 24, 2011 at 9:51 PM, Adam Barth <abarth at webkit.org> wrote:
> Personally, I don't believe it's possible to implement this feature
> securely, at least not using the approach prototyped by Adobe.
> However, I would love to be proven wrong because this is certainly a
> powerful primitive with many use cases.

I spent some more time looking into timing attacks on CSS Shaders.  I
haven't created a proof-of-concept exploit, but I believe the current
design is vulnerable to timing attacks.  I've written up a blog post
explaining the issue:

http://www.schemehostport.com/2011/12/timing-attacks-on-css-shaders.html

Jonas Sicking seems to have a similar concern:

https://twitter.com/#!/SickingJ/status/143161375823380480

It's probably worth addressing this concern sooner rather than later.
Ignoring it certainly won't cause the vulnerability to go away.

Adam

