25th USENIX Security Symposium has ended
Back To Schedule
Thursday, August 11 • 11:30am - 12:00pm
Trusted Browsers for Uncertain Times

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

JavaScript in one origin can use timing channels in browsers to learn sensitive information about a user’s interaction with other origins, violating the browser’s compartmentalization guarantees. Browser vendors have attempted to close timing channels by trying to rewrite sensitive code to run in constant time and by reducing the resolution of reference clocks.

We argue that these ad-hoc efforts are unlikely to succeed. We show techniques that increase the effective resolution of degraded clocks by two orders of magnitude, and we present and evaluate multiple, new implicit clocks: techniques by which JavaScript can time events without consulting an explicit clock at all.

We show how “fuzzy time” ideas in the trusted operating systems literature can be adapted to building trusted browsers, degrading all clocks and reducing the bandwidth of all timing channels. We describe the design of a next-generation browser, called Fermata, in which all timing sources are completely mediated. As a proof of feasibility, we present Fuzzyfox, a fork of the Firefox browser that implements many of the Fermata principles within the constraints of today’s browser architecture. We show that Fuzzyfox achieves sufficient compatibility and performance for deployment today by privacysensitive users.

In summary:

  • We show how an attacker can measure durations in web browsers without querying an explicit clock.
  • We show how the concepts of “fuzzy time” can apply to web browsers to mitigate all clocks.
  • We present a prototype demonstrating the impact of some of these concepts.


David Kohlbrenner

University of California, San Diego

Hovav Shacham

UC San Diego

Thursday August 11, 2016 11:30am - 12:00pm PDT
Zilker Ballroom 2