Transforming Out Timing Leaks, More or Less
نویسندگان
چکیده
We experimentally evaluate program transformations for removing timing side-channel vulnerabilities wrt. security and overhead. Our study of four well-known transformations confirms that their performance overhead differs substantially. A novelty of our work is the empirical investigation of channel bandwidths, which clarifies that the transformations also differ wrt. how much security they add to a program. Interestingly, we observe such differences even between transformations that have been proven to establish timing-sensitive noninterference. Beyond clarification, our findings provide guidance for choosing a suitable transformation for removing timing side-channel vulnerabilities. Such guidance is needed because there is a trade-off between security and overhead, which makes choosing a suitable transformation non-trivial.
منابع مشابه
Transforming out Timing Leaks in Practice An Experiment in Implementing Programming Language-Based Methods for Con dentiality
When it comes to granting mobile code access to conndential information , great care has to be taken if the code originates from an untrused source and the information is to remain conndential. If the program has access to the Internet during its execution, it has the possibility to leak information in many subtle ways, including through its temporal behaviour. This paper reports on practical e...
متن کاملFilling Out the Gaps: A Padding Algorithm for Transforming Out Timing Leaks
It has been shown that secret information can be leaked to external observers through covert timing channels. In this paper we are concerned with a kind of timing attack that wants to differentiate two processes, presented as probabilistic transition systems, by observing their timing behaviour. Our goal is to make the processes indistinguishable i.e. bisimilar, by adding virtual (dummy) states...
متن کاملEliminating Timing Leaks by Unification
Transforming security type systems [Aga00] go beyond checking whether a given program has secure information flow. Rather than simply rejecting a program with insecure information flow, they construct a program that has secure information flow and whose behavior is similar enough to that of the original program such that it can act as a replacement. In this extended abstract, we sketch ongoing ...
متن کاملUnintentional and Hidden Information Leaks in Networked Software Applications
Side channels are vulnerabilities that can be attacked by observing the behaviour of applications and by inferring sensitive information just from this behaviour. Because side channel vulnerabilities appear in such a large spectrum of contexts, there does not seem to be a generic way to prevent all side channel attacks once and for all. A practical approach is to research for new side channels ...
متن کاملSellar reconstruction algorithm in endoscopic transsphenoidal pituitary surgery: experience with 240 cases
Background: Proposing a strategy for sellar reconstruction in endoscopic transsphenoidal transsellar approach for pituitary adenoma. Methods: 240 patients with pituitary adenoma underwent pure endoscopic endonasal transsphenoidal surgery. Intra-operative CSF leaks were classified as grade 0, no observable leak grade 1, CSF dripping through an arachnoid membrane defect of less than 1 ...
متن کامل