CONIX Publication

Large applications like the Chrome web browser are usually composed of several different processes. Web pages are rendered in subprocesses while the main process keeps secret data, like your browser cookies. This design provides important security guarantees: even if an attacker is able to fully control a renderer process, they can’t compromise the main process. However, due to a recently discovered attack called Spectre, it's possible for an attacker to get the main process to unintentionally reveal secret information, such as your cookies. Our key insight is that an attacker only has influence over a small number of entry points to the application. We can perform static taint tracking to find all of these places and scalably and efficiently defend software such as browsers and operating systems using only a small number of defenses.