With the release of new Web standards (e.g., WebAssembly, WebGPU, WebUSB), more and more hardware features are directly usable from the web. While these specifications enable modern Web applications and hold great promise from a performance perspective, they raise significant security concerns. In this project, we aim to analyze the security implications of new features in browsers that provide direct or indirect access to low-level hardware features. Building on our previous research, we will (1) investigate the impact of directly mounting native side-channel attacks from the web, (2) develop new methods to efficiently port attacks to browsers to facilitate a faster risk assessment for novel attacks, (3) explore how side-channel attacks can leak secrets or enable user tracking via hardware fingerprints, and (4) lay the foundations for secure low-level web standards by exploring the effectiveness of existing and novel countermeasures (e.g., sandboxing) through the lens of hardware/software contracts.

DFG Programme Research Grants

International Connection France

Cooperation Partners Dr. Pierre Laperdrix; Dr. Clémentine Maurice; Dr. Romain Rouvoy; Dr. Walter Rudametkin