Empirical analysis of software vulnerabilities causing timing side channels

Mehdi Kholoosi, M. and Ali Babar, M. and Yılmaz, Cemal (2023) Empirical analysis of software vulnerabilities causing timing side channels. In: IEEE Conference on Communications and Network Security (CNS), Orlando, FL, USA

Full text not available from this repository. (Request a copy)

Abstract

Timing attacks are considered one of the most damaging side-channel attacks. These attacks exploit timing fluctuations caused by certain operations to disclose confidential information to an attacker. For instance, in asymmetric encryption, operations such as multiplication and division can cause time-varying execution times that can be m-treated to obtain an encryption key. Whilst several efforts have been devoted to exploring the various aspects of timing attacks, particularly in cryptography, little attention has been paid to empirically studying the timing attack-related vulnerabilities in non-cryptographic software. By inspecting these software vulnerabilities, this study aims to gain an evidence-based understanding of weaknesses in non-cryptographic software that may help timing attacks succeed. We used qualitative and quantitative research approaches to systematically study the timing attack-related vulnerabilities reported in the National Vulnerability Database (NVD) from March 2003 to December 2022. Our analysis was focused on the modifications made to the code for patching the identified vulnerabilities. We found that a majority of the timing attack-related vulnerabilities Were introduced due to not following known secure coding practices. The findings of this study are expected to help the software security community gain evidence-based information about the nature and causes of the vulnerabilities related to timing attacks.
Item Type: Papers in Conference Proceedings
Uncontrolled Keywords: constant time; secure coding; software vulnerability; timing attack
Divisions: Faculty of Engineering and Natural Sciences
Depositing User: Cemal Yılmaz
Date Deposited: 08 Feb 2024 13:01
Last Modified: 08 Feb 2024 13:01
URI: https://research.sabanciuniv.edu/id/eprint/48732

Actions (login required)

View Item
View Item