Skip to content

Commit

Permalink
Update hybrid-timing.md
Browse files Browse the repository at this point in the history
Editorial pass
  • Loading branch information
goedi02 authored Dec 23, 2020
1 parent 591c558 commit 75b5a61
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions content/docs/attacks/timing-attacks/hybrid-timing.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,18 +15,18 @@ menu = "main"
weight = 3
+++

Hybrid Timing Attacks allow attackers to measure the sum of a bunch of factors that influence the final timing measurement. These factors include:
Hybrid Timing Attacks allow attackers to measure the sum of a group of factors that influence the final timing measurement. These factors include:

- [Network delays]({{< ref "network-timing.md" >}})
- Document parsing
- Retrieval and processing of subresources
- [Code execution]({{< ref "execution-timing.md" >}})

Some of the factors differ in value depending on the application. This means that [Network Timing]({{< ref "network-timing.md" >}}) might be more significant in pages with more backend processing while [Execution Timing]({{< ref "execution-timing.md" >}}) can be more significant in applications processing and displaying data within the browser. Attackers can also eliminate some of these factors to obtain more precise measurements. For example, one could preload all the subresources by embedding the page as an `iframe` (forcing the browser to cache the subresources) and do a second measurement which will exclude any delay introduced by the retrieval of those subresources.
Some of the factors differ in value depending on the application. This means that [Network Timing]({{< ref "network-timing.md" >}}) might be more significant for pages with more backend processing, while [Execution Timing]({{< ref "execution-timing.md" >}}) can be more significant in applications processing and displaying data within the browser. Attackers can also eliminate some of these factors to obtain more precise measurements. For example, an attacker could preload all of the subresources by embedding the page as an `iframe` (forcing the browser to cache the subresources) and then perform a second measurement, which excludes any delay introduced by the retrieval of those subresources.

## Frame Timing Attacks (Hybrid)

If a page does not set [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}), an attacker can obtain a hybrid measurement that considers all the factors. This attack is similar to the [Network-based Attack]({{< ref "network-timing.md#frame-timing-attacks-network" >}}), but when the resource is retrieved the page is rendered and executed by the browser (subresources fetched and JavaScript executed). In this scenario, the `onload` event only triggers once the page fully loads (including subresources and script execution).
If a page does not set [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}), an attacker can obtain a hybrid measurement that considers all of the factors. This attack is similar to a [Network-based Attack]({{< ref "network-timing.md#frame-timing-attacks-network" >}}), but when the resource is retrieved, the page is rendered and executed by the browser (subresources fetched and JavaScript executed). In this scenario, the `onload` event only triggers once the page fully loads (including subresources and script execution).

```javascript
var iframe = document.createElement('iframe');
Expand Down

0 comments on commit 75b5a61

Please sign in to comment.