Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis 2020
DOI: 10.1145/3395363.3397365

Feedback-driven side-channel analysis for networked applications

Abstract: Information leakage in software systems is a problem of growing importance. Networked applications can leak sensitive information even when they use encryption. For example, some characteristics of network packets, such as their size, timing and direction, are visible even for encrypted traffic. Patterns in these characteristics can be leveraged as side channels to extract information about secret values accessed by the application. In this paper, we present a new tool called AutoFeed for detecting and quantif…

Cited by 7 publications
(3 citation statements)
References 33 publications
“…Dynamic Analysis for Side Channels. Dynamic analysis has been used for analyzing side channels [16,27,34]. Tizpaz-Niari et al [34] developed a data-driven approach to debug timing side channels.…”
Section: Related Work (mentioning)
confidence: 99%
“…There are known practical side-channel attacks against the RSA algorithm [7], an online health system [10], Google's Keyczar Library [24], and the Xbox 360 [37]. In the Xbox 360, timing side channels allowed attackers to reduce the maximum number of trials to compromise a 16 byte secret from $256^{16}$ to $256 \times 16$ due to vulnerable implementations in byte array comparisons. Another example is Spectre [20] that challenged the confidentiality of computer devices via side channels.…”
Section: Introduction (mentioning)
confidence: 99%
“…Observe that computing $p_\sigma$ is equivalent to the problem of model counting, which seeks to compute the number of solutions of a given formula. Therefore, the exact techniques require $O(2^m)$ model-counting queries [13,27,39]; therefore, such techniques often do not scale for large values of $m$. Accordingly, the state of the art often relies on sampling-based techniques that perform well in practice but can only provide lower or upper bounds on the entropy [37,49]. As is often the case, techniques that only guarantee lower or upper bounds can output estimates that can be arbitrarily far from the ground truth.…”
Section: Introduction (mentioning)
confidence: 99%