Benchmarking Tools
If you want to generate benchmarking graphs like those that appear in the paper/talk, use this.
Note that these tools have only been tested on Linux-based x86
systems. They will likely not work on other OS/arch combinations.
Please send your results back!
Current results
Privacy and Security Attacks
The PoCs are no longer functional on current browser versions.
Try them out on previous versions of these browsers, on any x86_64 build.
Safari
Our PoC is available here.
Our bug was assigned CVE-2017-7006, and fixed in Safari 10.1.2.
Chrome
Our PoC is available here.
Our bug was assigned CVE-2017-5107, and fixed in Chromium 60.
Firefox
Our PoC is available here.
Our bug was assigned CVE-2017-5407, and fixed in Firefox 52.
Relevant Publications
Floating Point SVG Attacks
"On the effectiveness of mitigations against floating-point timing channels." USENIX Security. August 2017 (Updated Nov 2022, original)
"On Subnormal Floating Point and Abnormal Timing." IEEE Security and Privacy (Oakland), May 2015 (Updated June 2017, original)
Defenses
"Trusted Browsers for Uncertain Times." USENIX Security. August 2016