TimeInspector: a static analysis approach for detecting timing attacks

Durmaz, Fatih and Kamadan, Nureddin and Öz, Melih Taha and Ünal, Musa Sadık and Javeed, Arsalan and Yılmaz, Cemal and Savaş, Erkay (2023) TimeInspector: a static analysis approach for detecting timing attacks. In: IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Delft, Netherlands

Full text not available from this repository. (Request a copy)


We present a static analysis approach to detect malicious binaries that are capable of carrying out a timing attack. The proposed approach is based on a simple observation that the timing attacks typically operate by measuring the execution times of short sequences of instructions. Consequently, given a binary, we first construct the control flow graph of the binary and then determine the paths between the pairs of time readings, on which a suspiciously low number of instructions might be executed. In the presence of such a path, we mark the binary as potentially malicious and report all the suspicious paths identified. In the experiments, where a collection of benign and malicious binaries were used, the proposed approach correctly detected all the malicious binaries with an accuracy up to 99.5% and without any false negatives.
Item Type: Papers in Conference Proceedings
Uncontrolled Keywords: malware analysis; side-channel attacks; static program analysis; timing attacks
Divisions: Faculty of Engineering and Natural Sciences
Depositing User: Cemal Yılmaz
Date Deposited: 04 Sep 2023 16:25
Last Modified: 04 Sep 2023 16:25
URI: https://research.sabanciuniv.edu/id/eprint/47701

Actions (login required)

View Item
View Item