Dynamic Frequency-Based Fingerprinting Attacks against Modern Sandbox Environments

Published in 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P), 2024

This paper extends the dynamic frequency side-channel attack (DF-SCA) paradigm to fingerprint executing code within modern sandbox environments. By monitoring CPU frequency fluctuations from an unprivileged context, we demonstrate that an adversary can reliably identify JavaScript workloads running inside V8-based and Cloudflare Workers sandboxes, which are widely used in serverless cloud deployments. Our results expose a fundamental tension between performance-oriented hardware features and the isolation guarantees promised by modern sandboxing frameworks.

Recommended citation: D. R. Dipta, T. Tiemann, B. Gulmezoglu, E. Marin and T. Eisenbarth, "Dynamic Frequency-Based Fingerprinting Attacks against Modern Sandbox Environments," 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P), pp. 327-344, Vienna, Austria, 2024.
Download Paper

Share on

Bluesky Facebook LinkedIn X (formerly Twitter)

Debopriya Roy Dipta

Share on