The Gray Side of Logic Optimization: Timing Attacks Against Web Applications (2018臺灣資安大會: Software Security Forum)

When writing application logic and deciding the order of operations, most developers consider only correctness and performance. Viewed from the gray side, however, the ordering of steps and the resulting time differences reveal far more information than we expect. This talk looks at timing attacks against web applications and examines the security problems that logic optimization can introduce.


Yi-Feng Tzeng

March 29, 2018

Transcript

Slide 9: Ref: Front-End Performance: The Dark Side @ ColdFront Conference 2016
Slide 12: "Premature optimization is the root of all evil" ~ Donald Knuth ~ a little bit
Slide 29: Login flow diagram: Login, Admin, User; timings 100 ms, 2500 ms, 1500 ms; Validate user 100 ms ~1000 ms
Slide 40: Login flow diagram extended with Gender, Age, VIP branches: Admin 2500 ms, User 1500 ms, Gender 1000 ms, Age 1000 ms, VIP 1200 ms; Validate user 100 ms
Slide 47: Same login flow diagram as slide 40
Slide 51: Login flow diagram from slide 40 with a 302 / 404 response branch added: 80 ms vs 1200 ms
Slide 61: Same login flow diagram as slide 51
Slide 62: Login flow diagram from slide 51 with SuperUser (100 ms) and Backdoor (400 ms) branches added
Slide 67: Attack Modes: Post-auth (Administrator, Permissions, Hidden page*); Pre-auth (Hidden page*, Validate user, Backdoor); Active attacks, Passive attacks
Slide 70: Same Attack Modes slide as slide 67
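The "Validate user 100 ms ~1000 ms" step in the login diagrams is the abstract's point in miniature: an early return for unknown usernames is a sensible optimization, but it makes the pre-auth response time depend on whether the name exists. The following is an added example written for this page, not code from the talk; it places that early-return logic beside a version that does the same hashing work on both paths, and counts hash calls instead of relying on wall-clock timing. The user store, passwords and salt are constructed sample values.

```python
import hashlib
import hmac

ITERATIONS = 100_000                # PBKDF2 work factor; kept modest so the example runs quickly
SALT = b"constructed-fixed-salt"    # constructed; a real system uses a random per-user salt
_hash_calls = 0                     # instrumentation: how many password hashes a login path ran


def derive_key(password: str, salt: bytes) -> bytes:
    """Slow password hash. Counting calls exposes the work difference without timers."""
    global _hash_calls
    _hash_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample user store: one known user, plus a dummy record for unknown names.
USERS = {"alice": derive_key("correct horse battery", SALT)}
DUMMY_HASH = derive_key("not-a-real-password", SALT)


def login_early_return(username: str, password: str) -> bool:
    """'Optimized' logic: an unknown user returns before any hashing.

    The fast path is the leak: an unknown name answers in the time of a dict
    lookup, a known name in the time of one PBKDF2 run (the 100 ms versus
    ~1000 ms 'Validate user' step in the slides)."""
    record = USERS.get(username)
    if record is None:
        return False
    return hmac.compare_digest(derive_key(password, SALT), record)


def login_uniform(username: str, password: str) -> bool:
    """Same work on both paths: hash against a dummy record when the user is unknown."""
    record = USERS.get(username, DUMMY_HASH)
    matches = hmac.compare_digest(derive_key(password, SALT), record)
    return matches and username in USERS    # a dummy-record match must never log anyone in


def hash_calls(login, username: str, password: str) -> int:
    """Number of password hashes `login` performs for these credentials."""
    global _hash_calls
    _hash_calls = 0
    login(username, password)
    return _hash_calls


if __name__ == "__main__":
    for fn in (login_early_return, login_uniform):
        known = hash_calls(fn, "alice", "wrong")
        unknown = hash_calls(fn, "mallory", "wrong")
        print(f"{fn.__name__}: known user -> {known} hash(es), unknown user -> {unknown} hash(es)")
```

The same pattern applies to the other branches in the diagrams: any step that is skipped for one class of user (role lookups, hidden-page checks) should either run for everyone or be moved behind a point where the response time no longer depends on the secret.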