Cross-tenant side-channel attacks in PaaS clouds
We present a new attack framework for conducting cache-based side-channel attacks and
demonstrate this framework in attacks between tenants on commercial Platform-as-a …
demonstrate this framework in attacks between tenants on commercial Platform-as-a …
Eliminating timing side-channel leaks using program repair
M Wu, S Guo, P Schaumont, C Wang - Proceedings of the 27th ACM …, 2018 - dl.acm.org
We propose a method, based on program analysis and transformation, for eliminating timing
side channels in software code that implements security-critical applications. Our method …
side channels in software code that implements security-critical applications. Our method …
The clock is still ticking: Timing attacks in the modern web
T Van Goethem, W Joosen, N Nikiforakis - Proceedings of the 22nd ACM …, 2015 - dl.acm.org
Web-based timing attacks have been known for over a decade, and it has been shown that,
under optimal network conditions, an adversary can use such an attack to obtain information …
under optimal network conditions, an adversary can use such an attack to obtain information …
Bakingtimer: privacy analysis of server-side request processing time
I Sanchez-Rola, D Balzarotti, I Santos - Proceedings of the 35th Annual …, 2019 - dl.acm.org
Cookies were originally introduced as a way to provide state awareness to websites, and
are now one of the backbones of the current web. However, their use is not limited to store …
are now one of the backbones of the current web. However, their use is not limited to store …
CURE—Towards enforcing a reliable timeline for cloud forensics: Model, architecture, and experiments
A malicious alteration of system-provided timeline can negatively affect the reliability of
computer forensics. Indeed, detecting such changes and possibly reconstructing the correct …
computer forensics. Indeed, detecting such changes and possibly reconstructing the correct …
[PDF][PDF] An efficient mitigation method for timing side channels on the web
S Schinzel - 2nd International Workshop on Constructive Side …, 2011 - researchgate.net
Research has shown that timing side channels exist in web applications [1, 3, 5]. An
obvious, but problematic, mitigation for timing attacks is to delay the execution time to the …
obvious, but problematic, mitigation for timing attacks is to delay the execution time to the …
WAFFle: Fingerprinting Filter Rules of Web Application Firewalls.
I Schmitt, S Schinzel - WOOT, 2012 - usenix.org
Web Application Firewalls (WAFs) are used to detect and block attacks against vulnerable
web applications. They distinguish benign requests from rogue requests using a set of filter …
web applications. They distinguish benign requests from rogue requests using a set of filter …
Detecting hidden storage side channel vulnerabilities in networked applications
FC Freiling, S Schinzel - IFIP International Information Security Conference, 2011 - Springer
Side channels are communication channels that were not intended for communication and
that accidentally leak information. A storage side channel leaks information through the …
that accidentally leak information. A storage side channel leaks information through the …
[图书][B] Unintentional and Hidden Information Leaks in Networked Software Applications
S Schinzel - 2012 - search.proquest.com
Side channels are vulnerabilities that can be attacked by observing the behaviour of
applications and by inferring sensitive information just from this behaviour. Because side …
applications and by inferring sensitive information just from this behaviour. Because side …
CloRoFor: Cloud robust forensics
The malicious alteration of machine time is a big challenge in computer forensics. Detecting
such changes and reconstructing the actual timeline of events is of paramount importance …
such changes and reconstructing the actual timeline of events is of paramount importance …