MalloryWorker: Stealthy Computation and Covert Channels Using Web Workers

Conference paper

DOI: 10.1007/978-3-319-46598-2_14

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)
Cite this paper as:
Rushanan M., Russell D., Rubin A.D. (2016) MalloryWorker: Stealthy Computation and Covert Channels Using Web Workers. In: Barthe G., Markatos E., Samarati P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science, vol 9871. Springer, Cham


JavaScript execution and UI rendering are typically single-threaded; thus, the execution of some scripts can block the display of requested content to the browser screen. Web Workers is an API that enables web applications to spawn background workers in parallel to the main page. Despite the usefulness of concurrency, users are unaware of worker execution, intent, and impact on system resources. We show that workers can be used to abuse system resources by implementing a unique denial-of-service attack and resource depletion attack. We also show that workers can be used to perform stealthy computation and create covert channels. We discuss potential mitigations and implement a preliminary solution to increase user awareness of worker execution.


Web security Stealthy computation Covert channel 

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  • Michael Rushanan
    • 1
  • David Russell
    • 1
  • Aviel D. Rubin
    • 1
  1. 1.Department of Computer ScienceJohns Hopkins UniversityBaltimoreUSA

Personalised recommendations