BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.pass-the-salt.org//pts2021//talk//DPKWYA
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-pts2021-DPKWYA@cfp.pass-the-salt.org
DTSTART;TZID=CET:20210707T152000
DTEND;TZID=CET:20210707T155500
DESCRIPTION:JavaScript-based timing attacks have been greatly explored over
  the last few years. They rely on subtle timing differences to infer infor
 mation that should not be available inside of the JavaScript sandbox. In r
 eaction to these attacks\, the W3C and browser vendors have implemented se
 veral countermeasures\, with an important focus on JavaScript timers. Howe
 ver\, as these attacks multiplied in the last years\, so did the counterme
 asures\, in a cat-and-mouse game fashion.\n\nIn this presentation\, we pre
 sent the evolution and current situation of timing attacks in browsers\, a
 s well as statistical tools to characterize available timers. Our goal is 
 to present a clear view of the attack surface and understand what are the 
 main prerequisites and classes of browser-based timing attacks and what ar
 e the main countermeasures. We focus on determining to what extent the cha
 nges on timing-based countermeasures impact browser security. In particula
 r\, we show that the shift in protecting against transient execution attac
 ks has re-enabled other attacks such as microarchitectural side-channel at
 tacks with a higher bandwidth than what was possible just two years ago.
DTSTAMP:20260512T151007Z
LOCATION:Zoom room
SUMMARY:In Search of Lost Time: A Review of JavaScript Timers in Browsers -
  Thomas Rokicki
URL:https://cfp.pass-the-salt.org/pts2021/talk/DPKWYA/
END:VEVENT
END:VCALENDAR