Prime+Probe 1, JavaScript 0: Overcoming Browser-based Side-Channel Defenses

The “eternal war in cache” has reached browsers, with multiple cache-based side-channel attacks and countermeasures being suggested. A common approach for countermeasures is to disable or restrict JavaScript features deemed essential for carrying out attacks. This talk shows that blocking JavaScript features cannot prevent cache attacks. It presents a sequence of attacks with progressively decreasing dependency on JavaScript features, culminating in the first browser-based side-channel attack which is constructed entirely from CSS and HTML, and works even when script execution is completely blocked.

This is joint work with Ayush Agarwal, Daniel Genkin, Yarden Haskal, Lachlan Kang, Yosef Meltser, Prateek Mittal, Sioli O'Connell, Yossi Oren, and Anatoly Shusterman.



Yuval Yarom is a senior lecturer at the University of Adelaide. He is interested in computer security and in cryptography, with a focus on the security implications of the interface between the software and the hardware. He is the winner of the 2020 CORE Chris Wallace Award for Outstanding Research and is a 2020 Young Tall Poppy. He has co-authored over 50 peer-reviewed publications, winning multiple "best paper" awards.

Date & time

3–4pm 4 Mar 2021


Room: N224 Systems Area


Dr. Yuval Yarom


