From 998e70126aa3fd797b4b20d1683a1e1b3796049f Mon Sep 17 00:00:00 2001 From: terjanq Date: Fri, 4 Dec 2020 22:53:42 +0100 Subject: [PATCH] Modify defense tables (#92) --- content/docs/attacks/browser-features/corb.md | 12 ++++----- content/docs/attacks/browser-features/corp.md | 11 +++++--- content/docs/attacks/error-events.md | 12 +++++---- .../experiments/scroll-to-text-fragment.md | 7 ------ content/docs/attacks/frame-counting.md | 9 +++---- content/docs/attacks/id-attribute.md | 7 +++--- content/docs/attacks/navigations.md | 25 ++++++++++++------- .../attacks/timing-attacks/connection-pool.md | 6 ++--- .../timing-attacks/execution-timing.md | 15 +++++------ .../attacks/timing-attacks/hybrid-timing.md | 6 ++--- .../attacks/timing-attacks/network-timing.md | 17 +++++++------ content/docs/attacks/xs-search.md | 8 +++--- 12 files changed, 73 insertions(+), 62 deletions(-) diff --git a/content/docs/attacks/browser-features/corb.md b/content/docs/attacks/browser-features/corb.md index 0abe340e8..6ca383d50 100644 --- a/content/docs/attacks/browser-features/corb.md +++ b/content/docs/attacks/browser-features/corb.md @@ -17,7 +17,7 @@ menu = "main" weight = 2 +++ -[Cross-Origin Read Blocking]({{< ref "../../defenses/secure-defaults/corb.md" >}}) (CORB) is a web platform security feature aimed at reducing the impact of speculative side-channel attacks such as Spectre. Unfortunately, blocking certain types of requests introduced a new type of XS-Leaks [^1] that allows attackers to detect if CORB was enforced on one request, but wasn't on another. Nevertheless, the introduced XS-Leaks are much less problematic than the issues actively protected by CORB (e.g. Spectre). +[Cross-Origin Read Blocking]({{< ref "/docs/defenses/secure-defaults/corb.md" >}}) (CORB) is a web platform security feature aimed at reducing the impact of speculative side-channel attacks such as Spectre. Unfortunately, blocking certain types of requests introduced a new type of XS-Leaks [^1] that allows attackers to detect if CORB was enforced on one request, but wasn't on another. Nevertheless, the introduced XS-Leaks are much less problematic than the issues actively protected by CORB (e.g. Spectre). {{< hint info >}} @@ -50,14 +50,14 @@ CORB can also allow attackers to detect when the `nosniff` header is present in ## Defense -| [Same-Site Cookies]({{< ref "../../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}) | -|:------------------:|:---------------:|:-----:|:--------------------:| -| ✔️ | ✔️ | ❌ | ❌ | - +| [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------: | +| ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) 🔗 [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +🔗 – Defense mechanisms must be combined to be effective against different scenarios. {{< hint tip >}} -Developers can deploy [CORP]({{< ref "../../defenses/opt-in/corp.md" >}}) in an application's subresources to force a protection similar to CORB that does not inspect responses to decide when to act. To prevent attackers from abusing this XS-Leak, generic XS-Leaks defense mechanisms are also effective. +Developers can deploy [CORP]({{< ref "/docs/defenses/opt-in/corp.md" >}}) in an application's subresources to force a protection similar to CORB that does not inspect responses to decide when to act. To prevent attackers from abusing this XS-Leak, generic XS-Leaks defense mechanisms are also effective. {{< /hint >}} ## References diff --git a/content/docs/attacks/browser-features/corp.md b/content/docs/attacks/browser-features/corp.md index 830804413..f8cb6f167 100644 --- a/content/docs/attacks/browser-features/corp.md +++ b/content/docs/attacks/browser-features/corp.md @@ -16,7 +16,7 @@ weight = 2 ## Explanation -[Cross-Origin Resource Policy]({{< ref "../../defenses/opt-in/corp.md" >}}) (CORP) is a web platform security feature that allows websites to prevent certain resources from being loaded by other origins. This protection complements [CORB]({{< ref "../../defenses/secure-defaults/corb.md" >}}) since it is an opt-in defense, whereas CORB blocks some cross-origin reads by default. Unfortunately, similar to [CORB]({{< ref "corb.md" >}}), applications can introduce a new XS-Leak if they misconfigure the use of this protection. +[Cross-Origin Resource Policy]({{< ref "/docs/defenses/opt-in/corp.md" >}}) (CORP) is a web platform security feature that allows websites to prevent certain resources from being loaded by other origins. This protection complements [CORB]({{< ref "/docs/defenses/secure-defaults/corb.md" >}}) since it is an opt-in defense, whereas CORB blocks some cross-origin reads by default. Unfortunately, similar to [CORB]({{< ref "corb.md" >}}), applications can introduce a new XS-Leak if they misconfigure the use of this protection. A webpage will introduce an XS-Leak if `CORP` is enforced based on user data. If a page search feature enforces `CORP` when showing results, but doesn't do so when returning no results, an attacker will be able to distinguish the two scenarios. This occurs because a page/resource protected by `CORP` will return an error when fetched cross-origin. @@ -24,6 +24,9 @@ A webpage will introduce an XS-Leak if `CORP` is enforced based on user data. If An application can avoid this XS-Leak if it guarantees `CORP` is deployed in all application resources/endpoints. Moreover, generic security mechanisms that allow the invalidation of cross-site requests will also help prevent this attack. -| [Same-Site Cookies]({{< ref "../../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}) | -|:------------------:|:---------------:|:-----:|:--------------------:| -| ✔️ | ✔️ | ❌ | ❌ | +| [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------: | +| ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) 🔗 [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | + +🔗 – Defense mechanisms must be combined to be effective against different scenarios. + diff --git a/content/docs/attacks/error-events.md b/content/docs/attacks/error-events.md index df5d3d942..0c6e73868 100644 --- a/content/docs/attacks/error-events.md +++ b/content/docs/attacks/error-events.md @@ -48,15 +48,17 @@ probeError('https://google.com/'); ## Defense -The mitigation of this XS-Leak often varies depending on how applications handle certain resources. The general approach is to adopt consistent behaviors whereever possible. In specific scenarios, applications might use [Subresource Protections]({{< ref "../defenses/design-protections/subresource-protections.md" >}}) to prevent attackers from predicting a URL and going forward with an attack. +The mitigation of this XS-Leak often varies depending on how applications handle certain resources. The general approach is to adopt consistent behaviors whereever possible. In specific scenarios, applications might use [Subresource Protections]({{< ref "/docs/defenses/design-protections/subresource-protections.md" >}}) to prevent attackers from predicting a URL and going forward with an attack. Finally, without applying bigger changes in the logic of applications, generic web platform security features can be deployed to mitigate this XS-Leak at a larger scale. -| [Same-Site Cookies]({{< ref "../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../defenses/opt-in/xfo.md" >}}) | -|:--------------------------:|:---------------:|:-----:|:--------------------:| -| ✔️{{< katex>}}^{🔗}{{< /katex >}} | ✔️ | ❌ | ✔️{{< katex>}}^{🔗}{{< /katex >}} | +| [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :------------------------------------------------------------------------------------------------------: | +| ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) {{< katex>}}^{1}{{< /katex >}} | -🔗 – Defense mechanisms must be combined to be effective against different scenarios. +____ + +1. The resource isolation policy should be enough to prevent error-based cross-site leaks, although in some scenarios without the [Framing Isolation Policy]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}), the error events could be leaked through iframes. ## Real World Example diff --git a/content/docs/attacks/experiments/scroll-to-text-fragment.md b/content/docs/attacks/experiments/scroll-to-text-fragment.md index 7ffd4b59e..d6be727bd 100644 --- a/content/docs/attacks/experiments/scroll-to-text-fragment.md +++ b/content/docs/attacks/experiments/scroll-to-text-fragment.md @@ -47,13 +47,6 @@ Attackers can abuse STTF to leak private information about the user that is disp - A user is logged in to their National Health System website, where it is possible to access information about the user's past diseases and health problems. An attacker can lure the user to one of their pages and use STTF to possibly infer the user's health details. For example an attacker would find out if the victim suffers from a disease if they detect a page scroll when searching for that disease name. -## Defense - -| Attack Alternative | [Same-Site Cookies]({{< ref "../../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}) | -|:-------------------:|:------------------:|:---------------:|:-----:|:--------------------:| -| IntersectionObserver (iframes)| ❌ | ❌ | ❌ | ❌ | -| Lazy Loading | ✔️ | ✔️ | ❌ | ❌ | - ## References [^1]: Privacy concerns with proposal through inducing network requests, [link](https://github.com/WICG/scroll-to-text-fragment/issues/76) diff --git a/content/docs/attacks/frame-counting.md b/content/docs/attacks/frame-counting.md index b24aaf43e..b593f2a3e 100644 --- a/content/docs/attacks/frame-counting.md +++ b/content/docs/attacks/frame-counting.md @@ -68,11 +68,10 @@ Some examples of frame counting attacks are: ## Defense -| Attack Alternative | [Same-Site Cookies]({{< ref "../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../defenses/opt-in/xfo.md" >}}) | -|:-------------------:|:------------------:|:---------------:|:-----:|:--------------------:| -| iframe | ✔️ | ✔️ | ❌ | ✔️ | -| window.open | ✔️ [(if Strict)]({{< ref "../defenses/opt-in/same-site-cookies.md#lax-vs-strict" >}}) | ✔️ | ✔️ | ❌ | - +| Attack Alternative | [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :----------------: | :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-------------------------------------------------------------------------: | +| iframes | ✔️ | ❌ | ✔️ | [FIP]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}) | +| windows | ❌ | ✔️ | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | ## Real World Example diff --git a/content/docs/attacks/id-attribute.md b/content/docs/attacks/id-attribute.md index 1032aead0..d3d731000 100644 --- a/content/docs/attacks/id-attribute.md +++ b/content/docs/attacks/id-attribute.md @@ -52,9 +52,10 @@ Some examples of `id`-attribute-based attacks are: ## Defense -| Attack Alternative | [Same-Site Cookies]({{< ref "../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../defenses/opt-in/xfo.md" >}}) | -|:-------------------:|:------------------:|:---------------:|:-----:|:--------------------:| -| iframe | ✔️ | ✔️ | ❌ | ✔️ | +| [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :----------------------------------------------------------------------: | +| ✔️ | ✔️ | ❌ | [FIP]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}) | + ## References diff --git a/content/docs/attacks/navigations.md b/content/docs/attacks/navigations.md index 58d3aea7b..40071f256 100644 --- a/content/docs/attacks/navigations.md +++ b/content/docs/attacks/navigations.md @@ -158,15 +158,22 @@ An online bank decides to redirect wealthy users to attractive stock opportuniti ## Defense -| Attack Alternative | [SameSite Cookies]({{< ref "../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../defenses/opt-in/xfo.md" >}}) | -|:----------------------------------:|:--------------------------:|:---------------:|:-----:|:--------------------:| -| iframe | ✔️ | ✔️ | ❌ | ✔️ | -| `history.length` (iframe) | ✔️ | ✔️ | ❌ | ✔️ | -| `history.length` (window.open) | ✔️ [(if Strict)]({{< ref "../defenses/opt-in/same-site-cookies.md#lax-vs-strict" >}}) | ✔️ | ✔️ | ❌ | -| Download bar | ✔️ | ✔️ | ✔️ | ✔️ | -| Download Navigation (w/ timeout) | ✔️ [(if Strict)]({{< ref "../defenses/opt-in/same-site-cookies.md#lax-vs-strict" >}}) | ✔️ | ❓ | ✔️ | -| Download Navigation (no timeout) | ✔️ | ✔️ | ✔️ | ✔️ | -| CSP Violations | ✔️ | ✔️ | ❌ | ❌ | +| Attack Alternative | [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :-----------------------------: | :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------: | +| *history.length* (iframes) | ✔️ | ❌ | ✔️ | [FIP]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}) | +| *history.length* (windows) | ❌ | ✔️ | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| *onload* event inside an iframe | ✔️ | ❌ | ✔️ | [FIP]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}) | +| Download bar | ✔️ | ❌ | ❌{{< katex>}}^{1}{{< /katex >}} | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| Download Navigation (iframes) | ✔️ | ❌ | ❌{{< katex>}}^{1}{{< /katex >}} | [FIP]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}) | +| Download Navigation (windows) | ❌ | ❌{{< katex>}}^{1}{{< /katex >}} | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| Inflation | ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) | +| CSP Violations | ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) 🔗 [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | + +🔗 – Defense mechanisms must be combined to be effective against different scenarios. + +____ +1. Neither [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) nor [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) helps with the mitigation of the redirect leaks because when the header `Content-Disposition` is present, other headers are being ignored. +2. SameSite cookies in Lax mode could protect against iframing a website, but won't help with the leaks through window references. ## Real-World Examples diff --git a/content/docs/attacks/timing-attacks/connection-pool.md b/content/docs/attacks/timing-attacks/connection-pool.md index 7d580f44f..7f156ee61 100644 --- a/content/docs/attacks/timing-attacks/connection-pool.md +++ b/content/docs/attacks/timing-attacks/connection-pool.md @@ -24,9 +24,9 @@ To exploit the existence of this limit attackers can: ## Defense -| [Same-Site Cookies]({{< ref "../../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}) | -|:------------------:|:---------------:|:-----:|:--------------------:| -| ✔️ [(if Strict)]({{< ref "../../defenses/opt-in/same-site-cookies.md#lax-vs-strict" >}}) | ✔️ | ❌ | ❌ | +| [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-------------------------------------------------------------------: | +| ❌ | ❌ | ❌ | ❌ | {{< hint info >}} diff --git a/content/docs/attacks/timing-attacks/execution-timing.md b/content/docs/attacks/timing-attacks/execution-timing.md index 9a54e2bd8..e86dfb60c 100644 --- a/content/docs/attacks/timing-attacks/execution-timing.md +++ b/content/docs/attacks/timing-attacks/execution-timing.md @@ -114,13 +114,14 @@ Regular Expression Denial of Service (ReDoS) is a technique which results in a D ## Defense -| Attack Alternative | [Same-Site Cookies]({{< ref "../../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}) | -|:-------------------:|:------------------:|:---------------:|:-----:|:--------------------:| -| T. Event Loop | ✔️ [(if Strict)]({{< ref "../../defenses/opt-in/same-site-cookies.md#lax-vs-strict" >}}) | ✔️ | ❓ | ❌ | -| Service Workers | ✔️ | ✔️ | ✔️ | ❌ | -| jQuery | ✔️ | ✔️ | ❌ | ❌ | -| ReDoS | ✔️ | ✔️ | ❌ | ❌ | -| Busy Event Loop | ✔️ | ✔️ | ❌ | ❌ | +| Attack Alternative | [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :----------------: | :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-------------------------------------------------------------------------: | +| T. Event Loop | ❌ | ❓ | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| Service Workers | ✔️ | ✔️ | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| jQuery | ✔️ | ❌ | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| ReDoS | ✔️ | ❌ | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| Busy Event Loop | ✔️ | ✔️ | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | + ## References diff --git a/content/docs/attacks/timing-attacks/hybrid-timing.md b/content/docs/attacks/timing-attacks/hybrid-timing.md index a0a0d4570..ad8795592 100644 --- a/content/docs/attacks/timing-attacks/hybrid-timing.md +++ b/content/docs/attacks/timing-attacks/hybrid-timing.md @@ -46,6 +46,6 @@ iframe.onload = () => { ## Defense -| Attack Alternative | [Same-Site Cookies]({{< ref "../../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}) | -|:----------------------:|:------------------:|:---------------:|:-----:|:--------------------:| -| Frame Timing (Hybrid) | ✔️ | ✔️ | ❌ | ✔️ | +| Attack Alternative | [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :-------------------: | :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :----------------------------------------------------------------------: | +| Frame Timing (Hybrid) | ✔️ | ❌ | ✔️ | [FIP]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}) | diff --git a/content/docs/attacks/timing-attacks/network-timing.md b/content/docs/attacks/timing-attacks/network-timing.md index 9fcab50b3..c12943f1d 100644 --- a/content/docs/attacks/timing-attacks/network-timing.md +++ b/content/docs/attacks/timing-attacks/network-timing.md @@ -148,13 +148,16 @@ This attack is limited to specific versions of HTTP and joint scenarios. It make ## Defense -| Attack Alternative | [Same-Site Cookies]({{< ref "../../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../../defenses/opt-in/xfo.md" >}}) | -|:-------------------:|:------------------:|:---------------:|:-----:|:--------------------:| -| Modern Timing Attacks | ✔️ | ✔️ | ❌ | ❌ | -| Frame Timing (Network) | ✔️ | ✔️ | ❌ | - -| Frame Timing (Sandbox) | ✔️ | ✔️ | ❌ | - -| Cross-window Timing | ✔️ [(if Strict)]({{< ref "../../defenses/opt-in/same-site-cookies.md#lax-vs-strict" >}}) | ✔️ | ❌ | ❌ | -| Timeless Timing | ✔️ | ❓ | ❌ | ❌ | +| Attack Alternative | [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :--------------------: | :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------: | +| Modern Timing Attacks | ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) 🔗 [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| Frame Timing (Network) | ✔️ | ❌ | ❌ | [FIP]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}) | +| Frame Timing (Sandbox) | ✔️ | ❌ | ❌ | [FIP]({{< ref "/docs/defenses/isolation-policies/framing-isolation" >}}) | +| Cross-window Timing | ❌ | ✔️ | ❌ | [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | +| Timeless Timing | ✔️ | ✔️ | ❌ | ❓ | + +🔗 – Defense mechanisms must be combined to be effective against different scenarios. + ## References diff --git a/content/docs/attacks/xs-search.md b/content/docs/attacks/xs-search.md index 6302b3471..e5497bb80 100644 --- a/content/docs/attacks/xs-search.md +++ b/content/docs/attacks/xs-search.md @@ -46,9 +46,11 @@ If both behaviors above can be distinguished by a more reliable XS-Leak than tim ## Defense -| Attack Alternative | [Same-Site Cookies]({{< ref "../defenses/opt-in/same-site-cookies.md" >}}) | [Fetch Metadata]({{< ref "../defenses/opt-in/fetch-metadata.md" >}}) | [COOP]({{< ref "../defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "../defenses/opt-in/xfo.md" >}}) | -|:----------------------------------:|:--------------------------:|:---------------:|:-----:|:--------------------:| -| XS-Search (Timing) | ✔️ | ✔️ | ❌ | ❌ | +| Attack Alternative | [SameSite Cookies (Lax)]({{< ref "/docs/defenses/opt-in/same-site-cookies.md" >}}) | [COOP]({{< ref "/docs/defenses/opt-in/coop.md" >}}) | [Framing Protections]({{< ref "/docs/defenses/opt-in/xfo.md" >}}) | [Isolation Policies]({{< ref "/docs/defenses/isolation-policies" >}}) | +| :----------------: | :--------------------------------------------------------------------------------: | :-------------------------------------------------: | :---------------------------------------------------------------: | :-----------------------------------------------------------------------------------------------------------------------------------------------------: | +| XS-Search (timing) | ✔️ | ❌ | ❌ | [RIP]({{< ref "/docs/defenses/isolation-policies/resource-isolation" >}}) 🔗 [NIP]({{< ref "/docs/defenses/isolation-policies/navigation-isolation" >}}) | + +🔗 – Defense mechanisms must be combined to be effective against different scenarios. ## References