Probabilistic timing covert channels: to close or not to close?

  • Special Issue Paper
  • International Journal of Information Security

Abstract

We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then propose an algorithm which computes an estimate of the security of a program with respect to this notion in terms of timing leakage and show how to use this estimate for cost optimisation.



Corresponding author

Correspondence to Herbert Wiklicky.


Cite this article

Di Pierro, A., Hankin, C. & Wiklicky, H. Probabilistic timing covert channels: to close or not to close?. Int. J. Inf. Secur. 10, 83–106 (2011). https://doi.org/10.1007/s10207-010-0107-0
