Results 1 - 10 of 11
Predictive black-box mitigation of timing channels
In ACM Conference on Computer and Communications Security, 2010
Cited by 43 (4 self)
We investigate techniques for general black-box mitigation of timing channels. The source of events is wrapped by a timing mitigator that delays output events so that they contain only a bounded amount of information. We introduce a general class of timing mitigators that can achieve any given bound on timing channel leakage, with a tradeoff in system performance. We show these mitigators compose well with other mechanisms for information flow control, and demonstrate they are effective against some known timing attacks.
Vulnerability bounds and leakage resilience of blinded cryptography under timing attacks
In 2010 IEEE Computer Security Foundations, 2010
Cited by 27 (7 self)
We establish formal bounds for the number of min-entropy bits that can be extracted in a timing attack against a cryptosystem that is protected by blinding, the state-of-the-art countermeasure against timing attacks. Compared with existing bounds, our bounds are both tighter and of greater operational significance, in that they directly address the key’s one-guess vulnerability. Moreover, we show that any semantically secure public-key cryptosystem remains semantically secure in the presence of timing attacks, if the implementation is protected by blinding and bucketing. This result shows that, by considering (and justifying) more optimistic models of leakage than recent proposals for leakage-resilient cryptosystems, one can achieve provable resistance against side-channel attacks for standard cryptographic primitives.
A Provably Secure And Efficient Countermeasure Against Timing Attacks
Cited by 20 (4 self)
We show that the amount of information about the key that an unknown-message attacker can extract from a deterministic side-channel is bounded from above by $|O| \log_2(n+1)$ bits, where n is the number of side-channel measurements and O is the set of possible observations. We use this bound to derive a novel countermeasure against timing attacks, where the strength of the security guarantee can be freely traded for the resulting performance penalty. We give algorithms that efficiently and optimally adjust this tradeoff for given constraints on the side-channel leakage or on the efficiency of the cryptosystem. Finally, we perform a case study that shows that applying our countermeasure leads to implementations with minor performance overhead and formal security guarantees.
A General Framework for Nondeterministic, Probabilistic, and Stochastic Noninterference
In Proc. of the Joint Workshop on Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (ARSPA-WITS’09), Springer, LNCS 5511:18–33, 2009
Cited by 3 (1 self)
We introduce a notion of stochastic noninterference aimed at extending the classical approach to information flow analysis with fine-grain information describing the temporal behavior of systems. In particular, we refer to a process algebraic setting that joins durational activities expressing time passing through exponentially distributed random variables, zero duration activities allowing for prioritized/probabilistic choices, and untimed activities with unspecified duration. In this setting unifying time, priority, probability, and nondeterminism, we highlight the expressive power of stochastic noninterference with respect to the existing definitions of nondeterministic and probabilistic noninterference. From this comparison, we obtain that stochastic noninterference turns out to be very strict and limiting in real-world applications and, therefore, requires the use of relaxation techniques. Among them we advocate performance evaluation as a means for achieving a reasonable balance between security requirements and quality.
Characterizing the Efficacy of the NRL Network Pump in Mitigating Covert Timing Channels
Cited by 1 (0 self)
Pump, or Pump, is a standard for mitigating covert channels that arise in a multilevel secure (MLS) system when a high user (HU) sends acknowledgements to a low user (LU). The issue here is that HU can encode information in the “timings” of the acknowledgements. The Pump aims at mitigating the covert timing channel by introducing buffering between HU and LU, as well as adding noise to the acknowledgment timings. We model the working of the Pump in certain situations, as a communication system with feedback and then use this perspective to derive an upper bound on the capacity of the covert channel between HU and LU in the Pump. This upper bound is presented in terms of a directed information flow over the dynamics of the system. We also present an achievable scheme that can transmit information over this channel. When the support of the noise added by Pump to acknowledgment timings is finite, the achievable rate is nonzero, i.e., infinite number of bits can be reliably communicated. If the support of the noise is infinite, the achievable rate is zero and hence a finite number of bits can be communicated. Index Terms—Information-theoretic bounds, network security, NRL network pump, queueing theory, timing channels.
Time and Probability based Information Flow Analysis
In multilevel systems it is important to avoid unwanted indirect information flow from higher levels to lower levels, namely the so-called covert channels. Initial studies of information flow analysis were performed by abstracting away from time and probability. It is already known that systems that are proved to be secure in a possibilistic framework may turn out to be insecure when time or probability are considered. Recently, work has been done in order to consider also aspects either of time or of probability, but not both. In this paper we propose a general framework, based on Probabilistic Timed Automata, where both probabilistic and timing covert channels can be studied. We define a Non-Interference security property and a Non Deducibility on Composition security property, which allow expressing information flow in a timed and probabilistic setting. We then compare these properties with analogous ones defined in contexts where either time or probability or neither of them are taken into account. This permits a classification of the properties depending on their discerning power. As an application, we study a system with covert channels that we are able to discover by applying our techniques.
Specification and Verification of Side Channel
Side channel attacks have emerged as a serious threat to the security of both networked and embedded systems – in particular through the implementations of cryptographic operations. Side channels can be difficult to model formally, but with careful coding and program transformation techniques it may be possible to verify security in the presence of specific side-channel attacks. But what if a program intentionally makes a tradeoff between security and efficiency and leaks some information through a side channel? In this paper we study such tradeoffs using ideas from recent research on declassification. We present a semantic model of security for programs which allow for declassification through side channels, and show how side-channel declassification can be verified using off-the-shelf software model checking tools. Finally, to make it simpler for verifiers to check that a program conforms to a particular side-channel declassification policy we introduce a further tradeoff between efficiency and verifiability: by writing programs in a particular “manifest form” security becomes considerably easier to verify.
unknown title
2012
Information-theoretic measures based upon mutual information can be employed to quantify the information that an execution of a program reveals about its secret inputs. The information leakage bounding problem asks whether the information leaked by a program does not exceed a certain amount. We consider this problem for two scenarios: a) the outputs of the program are revealed, and b) the timing (measured in the number of execution steps) of the program is revealed. For both scenarios, we establish complexity results in the context of deterministic boolean programs, both for programs with and without recursion. In particular, we prove that for recursive programs the information leakage bounding problem is no harder than checking reachability.
Program Analysis Probably Counts
Semantics-based program analysis uses an abstract semantics of programs/systems to statically determine runtime properties. Classic examples from compiler technology include analyses to support constant propagation and constant folding transformations and estimation of pointer values to prevent buffer overruns. More recent examples include the estimation of information flows (to enforce security constraints) and estimation of non-functional properties such as timing (to determine worst case execution times in hard real-time applications). The classical approaches are based on semantics involving discrete mathematics. Paralleling trends in model-checking, there have been recent moves towards using probabilistic and quantitative methods in program analysis. In this paper we will start by reviewing both classical and probabilistic/quantitative approaches to program analysis. We will provide a comparison of the two approaches. We will use a simple information flow analysis to exemplify the classical approach. The existence of covert information flows through timing channels is difficult to detect using classical techniques; we show how such problems can be addressed using probabilistic techniques.
Probabilistic Timing . . .
We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then propose an algorithm which computes an estimate of the security of a program with respect to this notion in terms of timing leakage, and show how to use this estimate for cost optimisation.