[webkit-dev] Timing attacks on CSS Shaders (was Re:Security problems with CSS shaders)
Chris Marrin
cmarrin at apple.com
Thu Dec 8 14:49:58 PST 2011
On Dec 7, 2011, at 7:23 PM, Vincent Hardy wrote:
> Hello,
>
> @chris
>
> >> So I take back my statement that CSS Shaders are less dangerous than WebGL. They are more!!!
>
> It seems to me that the differences are:
>
> a. It is easier to do the timing portion of a timing attack in WebGL because it all happens in a script and the timing is precise. With CSS shaders, the timing is pretty coarse.
>
> b. The content that a CSS shader has access to may be more sensitive than the content a WebGL shader has access to because currently, WebGL cannot render HTML (but isn't it possible to render an SVG with a foreignObject containing HTML into a 2D canvas, and then use that as a texture? In that case, wouldn't the risk be the same? Or is the canvas tainted in that case and cannot be used as a texture?).

Yes, if that were possible (it's not today in WebKit) then WebGL shaders would be even more dangerous because of their more precise timing.
-----
~Chris
cmarrin at apple.com