[webkit-dev] Timing attacks on CSS Shaders (was Re: Security problems with CSS shaders)

Chris Marrin cmarrin at apple.com
Thu Dec 8 14:49:58 PST 2011


On Dec 7, 2011, at 7:23 PM, Vincent Hardy wrote:

> Hello,
> 
> @chris
> 
> >> So I take back my statement that CSS Shaders are less dangerous than WebGL. They are more!!!
> 
> It seems to me that the differences are:
> 
> a. It is easier to do the timing portion of a timing attack in WebGL because it all happens in a script and the timing is precise. With CSS shaders, the timing is pretty coarse.
> 
> b. The content that a CSS shader has access to may be more sensitive than the content a WebGL shader has access to because currently, WebGL cannot render HTML (but isn't it possible to render an SVG with a foreignObject containing HTML into a 2D canvas, and then use that as a texture? In that case, wouldn't the risk be the same? Or is the canvas tainted in that case and cannot be used as a texture?).

Yes, if that were possible (it's not today in WebKit) then WebGL shaders would be even more dangerous because of their more precise timing.

-----
~Chris
cmarrin at apple.com



