[cairo] Potential Side-channel in Cairo Graphics Library

Daimeng Wang dwang030 at ucr.edu
Tue Feb 19 03:49:18 UTC 2019


Dear Cairo Development Team,

We're a group of researchers from University of California Riverside. We
recently discovered that some functions in Cairo graphics
library take variable amount of time depending on the input character. As a
result, an unprivileged attacker could potentially utilize flush+reload
cache side-channel attack to measure the execution time of said functions
to infer users' text input. We verified this using the Onboard app that
comes with Ubuntu 16.04.

For detailed information please refer to our paper in the link below. We
would be very happy to work with you to address this issue. Please let us
know what you think.

https://www.cs.ucr.edu/~zhiyunq/pub/ndss19_cache_keystrokes.pdf

Sincerely,
Daimeng Wang

-- 
Daimeng Wang
Department of Computer Science & Engineering
University of California, Riverside
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cairographics.org/archives/cairo/attachments/20190218/f03596ae/attachment.html>


More information about the cairo mailing list