Microwalk-CI: Practical side-channel analysis for JavaScript applications
J Wichelmann, F Sieck, A Pätschke… - Proceedings of the 2022 …, 2022 - dl.acm.org
Secret-dependent timing behavior in cryptographic implementations has resulted in
exploitable vulnerabilities, undermining their security. Over the years, numerous tools to …
exploitable vulnerabilities, undermining their security. Over the years, numerous tools to …
HASTE: Software security analysis for timing attacks on clear hardware assumption
P Chakraborty, J Cruz, C Posada… - IEEE embedded …, 2021 - ieeexplore.ieee.org
Information leakage via timing side-channel analysis can compromise embedded systems
used in diverse applications that are otherwise secure. Most state-of-the-art timing side …
used in diverse applications that are otherwise secure. Most state-of-the-art timing side …
MAMBO–V: Dynamic Side-Channel Leakage Analysis on RISC–V
J Wichelmann, C Peredy, F Sieck, A Pätschke… - … on Detection of …, 2023 - Springer
RISC–V is an emerging technology, with applications ranging from embedded devices to
high-performance servers. Therefore, more and more security-critical workloads will be …
high-performance servers. Therefore, more and more security-critical workloads will be …
“They're not that hard to mitigate”: What cryptographic library developers think about timing attacks
Timing attacks are among the most devastating side-channel attacks, allowing remote
attackers to retrieve secret material, including cryptographic keys, with relative ease. In …
attackers to retrieve secret material, including cryptographic keys, with relative ease. In …
Eliminating timing side-channel leaks using program repair
M Wu, S Guo, P Schaumont, C Wang - Proceedings of the 27th ACM …, 2018 - dl.acm.org
We propose a method, based on program analysis and transformation, for eliminating timing
side channels in software code that implements security-critical applications. Our method …
side channels in software code that implements security-critical applications. Our method …
JIT leaks: Inducing timing side channels through just-in-time compilation
Side-channel vulnerabilities in software are caused by an observable imbalance in resource
usage across different program paths. We show that just-in-time (JIT) compilation, which is …
usage across different program paths. We show that just-in-time (JIT) compilation, which is …
Fantastic timers and where to find them: High-resolution microarchitectural attacks in JavaScript
Research showed that microarchitectural attacks like cache attacks can be performed
through websites using JavaScript. These timing attacks allow an adversary to spy on users …
through websites using JavaScript. These timing attacks allow an adversary to spy on users …
Øzone: Efficient execution with zero timing leakage for modern microarchitectures
Time variation during program execution can leak sensitive information. Time variations due
to program control flow and hardware resource contention have been used to steal …
to program control flow and hardware resource contention have been used to steal …
Practical keystroke timing attacks in sandboxed javascript
Keystrokes trigger interrupts which can be detected through software side channels to
reconstruct keystroke timings. Keystroke timing attacks use these side channels to infer …
reconstruct keystroke timings. Keystroke timing attacks use these side channels to infer …
Sok: In search of lost time: A review of javascript timers in browsers
JavaScript-based timing attacks have been greatly explored over the last few years. They
rely on subtle timing differences to infer information that should not be available inside of the …
rely on subtle timing differences to infer information that should not be available inside of the …