Re: [Public WebGL] CORS and resource provider awareness

Based on this finding I wondered if restricting VS texture access + control flow restrictions would work. I do not think it would work.

Proof attack without VS texture access and without control flow constructs in the shader: http://codeflow.org/issues/timing-attack/cache-coherence.html
Working principle: Texel fetches are cached by the GPU. By adding a random offset to the texel fetch based on the pixel luminance in question, the vertex shader can be made to run for different lengths of time.

On Mon, Nov 5, 2012 at 1:09 PM, Florian Bösch <pyalot@gmail.com> wrote:
I don't think restrictions on control flow constructs are a reliable way to prevent timing attacks.

Proof attack without control flow constructs in the shader: http://codeflow.org/issues/timing-attack/vs-tex.html
Working principle: A quad is overdrawn on a canvas 128x and the quad size depends on the texel value fetched from texture.