Title | JSKernel: Fortifying JavaScript against Web Concurrency Attacks via a Kernel-Like Structure |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Chen, Zhanhao; Cao, Yinzhi |
Conference Name | 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) |
Date Published | Jun |
Keywords | Browsers, Clocks, composability, Concurrency, Concurrent computing, Instruction sets, JavaScript, Kernel, Metrics, pubcrawl, Reactive power, resilience, Resiliency, security, side channel attacks, Web Concurrency Attacks |
Abstract | As portals to the Internet, web browsers constitute prominent targets for attacks. Existing defenses that redefine web APIs typically capture information related to a single JavaScript function. Thus, they fail to defend against the so-called web concurrency attacks that use multiple interleaved functions to trigger a browser vulnerability. In this paper, we propose JSKernel, the first generic framework that introduces a kernel concept into JavaScript to defend against web concurrency attacks. The JavaScript kernel, inspired from operating system concepts, enforces the execution order of JavaScript events and threads to fortify security. We implement a prototype of JSKernel deployable as add-on extensions to three widely used web browsers, namely Google Chrome, Mozilla Firefox, and Microsoft Edge. These open-source extensions are available at (https://github.com/jskernel2019/jskernel) along with a usability demo at (https://jskernel2019.github.io/). Our evaluation shows the prototype to be robust to web concurrency attacks, fast, and backward compatible with legacy websites. |
DOI | 10.1109/DSN48063.2020.00026 |
Citation Key | chen_jskernel_2020 |