SwePub
Sök i LIBRIS databas

  Extended search

id:"swepub:oai:research.chalmers.se:48c56691-e9d8-47bb-9511-55df67483737"
 

Search: id:"swepub:oai:research.chalmers.se:48c56691-e9d8-47bb-9511-55df67483737" > Clockwork: Tracking...

  • 1 of 1
  • Previous record
  • Next record
  •    To hitlist
  • Bastys, Iulia,1986Chalmers tekniska högskola,Chalmers University of Technology (author)

Clockwork: Tracking Remote Timing Attacks

  • Article/chapterEnglish2020

Publisher, publication year, extent ...

  • IEEE,2020

Numbers

  • LIBRIS-ID:oai:research.chalmers.se:48c56691-e9d8-47bb-9511-55df67483737
  • https://doi.org/10.1109/CSF49147.2020.00032DOI
  • https://research.chalmers.se/publication/519151URI
  • https://research.chalmers.se/publication/519393URI
  • https://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-273162URI

Supplementary language notes

  • Language:English
  • Summary in:English

Part of subdatabase

Classification

  • Subject category:kon swepub-publicationtype
  • Subject category:ref swepub-contenttype

Notes

  • QC 20210323
  • Timing leaks have been a major concern for the security community. A common approach is to prevent secrets from affecting the execution time, thus achieving security with respect to a strong, local attacker who can measure the timing of program runs. However, this approach becomes restrictive as soon as programs branch on a secret. This paper focuses on timing leaks under remote execution. A key difference is that the remote attacker does not have a reference point of when a program run has started or finished, which significantly restricts attacker capabilities. We propose an extensional security characterization that captures the essence of remote timing attacks. We identify patterns of combining clock access, secret branching, and output in a way that leads to timing leaks. Based on these patterns, we design Clockwork, a monitor that rules out remote timing leaks. We implement the approach for JavaScript, leveraging JSFlow, a state-of-the-art information flow tracker. We demonstrate the feasibility of the approach on case studies with IFTTT, a popular IoT app platform, and VJSC, an advanced JavaScript library for e-voting.

Subject headings and genre

Added entries (persons, corporate bodies, meetings, titles ...)

  • Balliu, Musard,1985KTH,Teoretisk datalogi, TCS,Kungliga Tekniska Högskolan (KTH),Royal Institute of Technology (KTH)(Swepub:kth)u1j8w3cj (author)
  • Rezk, Tamara,1978Institut National de Recherche en Informatique et en Automatique (INRIA),INRIA Sophia-Antipolis(Swepub:cth)tamara (author)
  • Sabelfeld, Andrei,1974Chalmers tekniska högskola,Chalmers University of Technology(Swepub:cth)andrei (author)
  • Chalmers tekniska högskolaChalmers University of Technology (creator_code:org_t)

Related titles

  • In:Proceedings - IEEE Computer Security Foundations Symposium: IEEE2020-June, s. 350-3651940-1434
  • In:Proceedings IEEE Computer Security Foundations Symposium, CSF 2020: IEEE2020-June, s. 350-365

Internet link

Find in a library

To the university's database

  • 1 of 1
  • Previous record
  • Next record
  •    To hitlist

Find more in SwePub

By the author/editor
Bastys, Iulia, 1 ...
Balliu, Musard, ...
Rezk, Tamara, 19 ...
Sabelfeld, Andre ...
About the subject
NATURAL SCIENCES
NATURAL SCIENCES
and Computer and Inf ...
and Computer Enginee ...
NATURAL SCIENCES
NATURAL SCIENCES
and Computer and Inf ...
and Computer Science ...
ENGINEERING AND TECHNOLOGY
ENGINEERING AND ...
and Electrical Engin ...
and Computer Systems
Articles in the publication
Proceedings - IE ...
Proceedings IEEE ...
By the university
Chalmers University of Technology
Royal Institute of Technology

Search outside SwePub

Wikipedia about the author:
Iulia_Bastys
Bastys, Iulia,1986
en

Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.

 
pil uppåt Close

Copy and save the link in order to return to this view