DOI: 10.1145/1866307.1866341
research-article

Predictive black-box mitigation of timing channels

Published: 04 October 2010

Abstract

We investigate techniques for general black-box mitigation of timing channels. The source of events is wrapped by a timing mitigator that delays output events so that they contain only a bounded amount of information. We introduce a general class of timing mitigators that can achieve any given bound on timing channel leakage, with a tradeoff in system performance. We show these mitigators compose well with other mechanisms for information flow control, and demonstrate they are effective against some known timing attacks.
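The wrapping idea in the abstract, as an added example that is not code from the paper or its authors: events leave only at predicted slot times, so timing variation inside an epoch is invisible and only schedule changes can carry information. The doubling penalty on a missed slot and the names `mitigate` and `count_observations` are assumptions chosen for this sketch, and the inputs are constructed.

```python
from itertools import accumulate, product

def mitigate(ready_times, initial_quantum=1):
    """Delay source events so they leave only at predicted slot times.

    ready_times: when the wrapped source produced each event (constructed input).
    Returns (release_times, epochs). A slot with no event ready is a
    misprediction: a new epoch starts and the quantum doubles (assumed policy).
    """
    quantum = initial_quantum
    slot = quantum                  # next predicted release time
    epochs = 1
    releases = []
    for ready in sorted(ready_times):
        while ready > slot:         # nothing to send at the predicted slot
            quantum *= 2
            epochs += 1
            slot += quantum
        releases.append(slot)       # observer sees only the slot time
        slot += quantum
    return releases, epochs

def count_observations(n_events, max_delay):
    """Enumerate every secret-dependent delay pattern and count what an
    observer can distinguish without and with the mitigator."""
    raw, mitigated = set(), set()
    for delays in product(range(1, max_delay + 1), repeat=n_events):
        ready = tuple(accumulate(delays))
        raw.add(ready)
        mitigated.add(tuple(mitigate(ready)[0]))
    return len(raw), len(mitigated)

if __name__ == "__main__":
    # Two different source timings collapse to the same observable schedule.
    print(mitigate([0.2, 1.1, 2.9]))
    print(mitigate([0.9, 1.8, 2.1]))
    # A slow event triggers mispredictions and a coarser schedule.
    print(mitigate([0.5, 1.5, 2.5, 10, 11]))
    # 3 events, each delay in 1..4.
    print(count_observations(3, 4))
```

With 3 events and delays in 1..4, the 64 distinguishable raw timings collapse to 10 mitigated ones; the base-2 logarithm of that count caps what the output timing can reveal, at the cost of later release times.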




    Published In

    CCS '10: Proceedings of the 17th ACM conference on Computer and communications security
    October 2010
    782 pages
    ISBN:9781450302456
    DOI:10.1145/1866307
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. information flow
    2. mitigation
    3. timing channels

    Qualifiers

    • Research-article

    Conference

    CCS '10
    Acceptance Rates

    CCS '10 Paper Acceptance Rate 55 of 325 submissions, 17%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Cited By

    • (2024) Tail Victims in Termination Timing Channel Defenses Beyond Cryptographic Kernels. 2024 International Symposium on Secure and Private Execution Environment Design (SEED), pp. 11-22. DOI: 10.1109/SEED61283.2024.00012. Online publication date: 16-May-2024
    • (2024) Metadata Privacy Beyond Tunneling for Instant Messaging. 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P), pp. 697-723. DOI: 10.1109/EuroSP60621.2024.00044. Online publication date: 8-Jul-2024
    • (2024) Decrypting Without Keys: The Case of the GlobalPlatform SCP02 Protocol. Journal of Cryptology, 38:1. DOI: 10.1007/s00145-024-09528-z. Online publication date: 5-Dec-2024
    • (2024) Defending AirType Against Inference Attacks Using 3D In-Air Keyboard Layouts: Design and Evaluation. Information Security Applications, pp. 159-174. DOI: 10.1007/978-981-99-8024-6_13. Online publication date: 11-Jan-2024
    • (2023) Untangle: A Principled Framework to Design Low-Leakage, High-Performance Dynamic Partitioning Schemes. Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 3, pp. 771-788. DOI: 10.1145/3582016.3582033. Online publication date: 25-Mar-2023
    • (2023) OblivIO: Securing Reactive Programs by Oblivious Execution with Bounded Traffic Overheads. 2023 IEEE 36th Computer Security Foundations Symposium (CSF), pp. 292-307. DOI: 10.1109/CSF57540.2023.00014. Online publication date: Jul-2023
    • (2022) Are We There Yet? Timing and Floating-Point Attacks on Differential Privacy Systems. 2022 IEEE Symposium on Security and Privacy (SP), pp. 473-488. DOI: 10.1109/SP46214.2022.9833672. Online publication date: May-2022
    • (2022) Hermes. Science of Computer Programming, 215:C. DOI: 10.1016/j.scico.2021.102746. Online publication date: 1-Mar-2022
    • (2022) Secure-by-construction synthesis of cyber-physical systems. Annual Reviews in Control, 53, pp. 30-50. DOI: 10.1016/j.arcontrol.2022.03.004. Online publication date: 2022
    • (2022) The Kingsguard OS-level mitigation against cache side-channel attacks using runtime detection. Annals of Telecommunications, 77:11-12, pp. 731-747. DOI: 10.1007/s12243-021-00906-3. Online publication date: 27-Jan-2022
