Abstract
We develop a new notion of security against timing attacks where the attacker is able to simultaneously observe the execution time of a program and the probability of the values of low variables. We then propose an algorithm which computes an estimate of the security of a program with respect to this notion in terms of timing leakage and show how to use this estimate for cost optimisation.
Similar content being viewed by others
References
ABE’08: Workshop on Approximate Behavioural Equivalences (2008) http://www.cse.yorku.ca/abe08
Agat, J.: Transforming out timing leaks. In: Proceedings of POPL’00, pp. 40–53. ACM Press, New York (2000)
Aldini, A., Bravetti, M., Di Pierro, A., Gorrieri, R., Hankin, H., Wiklicky, H.: Two formal approaches for approximating noninterference properties. In: Foundations of Security Analysis and Design II—Tutorial Lectures, vol. 2946 of Lecture Notes in Computer Science, pp. 1–46. Springer, Berlin (2002)
Alur R., Dill D.L.: A theory of timed automata. Theor. Comput. Sci. 126(2), 183–235 (1994)
Aubin J.-P.: Optima and Equilibria—An Introduction to Nonlinear Analysis, vol. 140 of Graduate Texts in Mathematics. Springer, Berlin (1993)
Boreale, M.: Quantifying information leakage in process calculi. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) Proceedings of ICALP’06, vol. 4052 of Lecture Notes in Computer Science, pp. 119–131. Springer, Berlin (2006)
Clarkson, M.R., Myers, A.C., Schneider, F.B.: Belief in information flow. In: Proceedings of 18th Computer Security Foundations Workshop, IEEE, pp. 31–45 (2005)
Clark D., Hunt S., Malacaria P.: Quantitative information flow, relations and polymorphic types. J. Log. Comput. 15(2), 181–199 (2005)
Derisavi S., Hermanns H., Sanders W.H.: Optimal state-space lumping in Markov chains. Inf. Process. Lett. 87(6), 309–315 (2003)
Desharnais, J., Jagadeesan, R., Gupta, V., Panangaden, P.: Metrics for labeled Markov systems. In: Proceedings of CONCUR’99, vol. 1664 of Lecture Notes in Computer Science, pp. 258–273. Springer, Berlin (1999)
Desharnais, J., Jagadeesan, R., Gupta, V., Panangaden, P.: The metric analogue of weak bisimulation for probabilistic processes. In: Proceedings of LICS’02, IEEE, pp. 413–422 (2002)
Di Pierro, A., Hankin, C., Wiklicky, H.: Approximate non- interference. In: Proceedings of CSFW’02, IEEE Computer Society, pp. 3–17. (2002)
Di Pierro, A., Hankin, C., Wiklicky, H.: Quantitative relations and approximate process equivalences. In: Lugiez, D. (ed.) Proceedings of CONCUR’03, vol. 2761 of Lecture Notes in Computer Science, pp. 508–522. Springer, Berlin (2003)
Di Pierro A., Hankin C., Wiklicky H.: Approximate non- interference. J. Comput. Secur. 12(1), 37–81 (2004)
Di Pierro A., Hankin C., Wiklicky H.: Measuring the confinement of probabilistic systems. Theor. Comp. Sci. 340(1), 3–56 (2005)
Di Pierro A., Hankin C., Siveroni I., Wiklicky H.: Tempus fugit: How to plug it. J. Log. Algebr. Program. 72(2), 173–190 (2007)
Di Pierro, A., Hankin, C., Wiklicky, H.: Quantifying timing leaks and cost optimisation. In: Chen, L., Ryan, M.D., Wang, G. (eds.) Proceedings of 10th International Conference on Information and Communications Security, vol. 5308 of Lecture Notes in Computer Science, pp. 81–96. Springer, Berlin (2008)
Dovier A., Piazza C., Policriti A.: An efficient algorithm for computing bisimulation equivalence. Theor. Comp. Sci. 311(1–3), 221–256 (2004)
Eaton, J.W.: Octave. Technical report, Free Software Foundation, Boston, MA (2005)
Focardi, R., Gorrieri, R.: Classification of security properties (Part I: Information flow). In: Foundations of Security Analysis and Design—Tutorial Lectures, vol. 2171 of Lecture Notes in Computer Science, pp. 331–396. Springer, Berlin (2001)
Goguen, J., Meseguer, J.: Security policies and security models. In: Symposium on Security and Privacy, IEEE, pp. 11–20 (1982)
Hiller F.S., Lieberman G.J.: Introduction to Operations Research, 7th edn. McGraw-Hill, Maidenherd (2001)
Jonsson B., Yi W., Larsen K: Probabilistic Extentions of Process Algebras, pp. 685–710. Elsevier Science, Amsterdam (2001)
Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Proceedings of CRYPTO ’96, vol. 1109 of Lecture Notes in Computer Science, pp. 104–113. Springer, Berlin (1996)
Köpf B., Dürmuth, M.: A provably secure and efficient countermeasure against timing attack. In: Proceedings of 22nd Computer Security Foundations Symposium, IEEE (2009)
Kwiatkowska, M., Norman, G., Sproston, J., Wang, F.: Symbolic model checking for probabilistic timed automata. In: Lakhnech, Y., Yovine, S. (eds.) Proceedings of FORMATS/FTRTFT’04, vol. 3253 of Lecture Notes in Computer Science, pp. 293–308. Springer, Berlin (2004)
Larsen K., Skou A.: Bisimulation through probabilistic testing. Inf. Comput. 94, 1–28 (1991)
Lowe, G.: Quantifying information flow. In: Proceedings of 15th Computer Security Foundations Workshop, IEEE, pp. 18–31 (2002)
Mclean, J.: Security models and information flow. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 180–189. (1990)
Paige R., Tarjan R.: Three partition refinement algorithms. SIAM J. Comput. 16(6), 973–989 (1987)
Ryan P., Schneider S.: Process algebra and non-interference. J. Comput. Secur. 9(1/2), 75–103 (2001) Special Issue on CSFW-12
Stirzaker D.: Probability and Random Variables. Cambridge University Press, Cambridge (1999)
Smith, G.: On the foundations of quantitative information flow. In: De Alfero, L. (ed.) Proceedings of FOSSACS’09, vol. 5504 of Lecture Notes in Computer Science, pp. 288–302. Springer, Berlin (2009)
Smith, G., Volpano, D.: Secure information flow in a multi-threaded imperative language. In: Proceedings of POPL’98, pp. 355–364. ACM Press, New York (1998)
Software Bugtraps: Software that makes software better. Economist 386(8570) (March 2008)
Volpano D., Smith G.: Confinement properties for programming languages. SIGACT News 29(3), 33–42 (1998)
van Breugel, F.: A behavioural pseudometric for metric labelled transition systems. In: Abadi, M., de Alfaro, L. (eds.) Proceedings of CONCUR’05, vol. 3653 of Lecture Notes in Computer Science, pp. 141–155. Springer, Berlin (2005)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Di Pierro, A., Hankin, C. & Wiklicky, H. Probabilistic timing covert channels: to close or not to close?. Int. J. Inf. Secur. 10, 83–106 (2011). https://doi.org/10.1007/s10207-010-0107-0
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-010-0107-0