TY - JOUR
ID - 136367
TI - A Study of Timing Side-Channel Attacks and Countermeasures on JavaScript and WebAssembly
JO - The ISC International Journal of Information Security
JA - ISECURE
LA - en
SN - 2008-2045
AU - Mazaheri, Mohammad Erfan
AU - Bayat Sarmadi, Siavash
AU - Taheri Ardakani, Farhad
AD - Sharif University of Technology, Department of Computer Engineering, Tehran, Islamic Republic of Iran.
Y1 - 2022
PY - 2022
VL - 14
IS - 1
SP - 27
EP - 46
KW - Timing Side-Channel Attacks
KW - JavaScript
KW - WebAssembly
KW - Malicious Code Detection
KW - Timers
DO - 10.22042/isecure.2021.263565.599
N2 - Side-channel attacks are a group of powerful attacks in hardware security that exploit the deficiencies in the implementation of systems. Timing side-channel attacks are one of the main side-channel attack categories that use the time difference of running an operation in different states. Many powerful attacks can be classified into this type of attack, including cache attacks. The limitation of these attacks is the need to run the spy program on the victim's system. Various studies have tried to overcome this limitation by implementing these attacks remotely on JavaScript and WebAssembly. This paper provides the first comprehensive evaluation of timing side-channel attacks on JavaScript and investigates challenges and countermeasures to overcome these attacks. Moreover, by investigating the countermeasures and their strengths and weaknesses, we introduce a detection-based approach, called Lurking Eyes. Our approach has the least reduction in the performance of JavaScript and WebAssembly. The evaluation results show that the Lurking eyes have an accuracy of 0.998, precision of 0.983, and F-measure of 0.983. Considering these values and no limitations, this method can be introduced as an effective way to counter timing side-channel attacks on JavaScript and WebAssembly. Also, we provide a new accurate timer, named Eagle timer, based on WebAssembly memory for implementing these attacks.
UR - https://www.isecure-journal.com/article_136367.html
L1 - https://www.isecure-journal.com/article_136367_a3948a522c7c59c65b65fa87571fde7b.pdf
ER -