Automated Testing against Timing Attacks
نویسندگان
چکیده
This paper provides an overview of a system which allows to integrate detection of potential timing attack with a regular test suite. The authors examine previous approaches to the problem and discuss their usefulness and fitness for the purposes of automated testing. A developer-friendly system for detecting timing issues using Valgrind is presented, and integration with Google Test is discussed. An example of how such test can detect vulnerabilities is provided, and the limitations of the system are outlined.
منابع مشابه
Improving Tor security against timing and traffic analysis attacks with fair randomization
The Tor network is probably one of the most popular online anonymity systems in the world. It has been built based on the volunteer relays from all around the world. It has a strong scientific basis which is structured very well to work in low latency mode that makes it suitable for tasks such as web browsing. Despite the advantages, the low latency also makes Tor insecure against timing and tr...
متن کاملAn automatic test case generator for evaluating implementation of access control policies
One of the main requirements for providing software security is the enforcement of access control policies which aim to protect resources of the system against unauthorized accesses. Any error in the implementation of such policies may lead to undesirable outcomes. For testing the implementation of access control policies, it is preferred to use automated methods which are faster and more relia...
متن کاملCache-Timing Template Attacks
Cache-timing attacks are a serious threat to security-critical software. We show that the combination of vector quantization and hidden Markov model cryptanalysis is a powerful tool for automated analysis of cache-timing data; it can be used to recover critical algorithm state such as key material. We demonstrate its effectiveness by running an attack on the elliptic curve portion of OpenSSL (0...
متن کاملRemote Timing Attacks Are Practical
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network se...
متن کاملCAPTCHaStar! A Novel CAPTCHA Based on Interactive Shape Discovery
Over the last years, most websites where users can register (e.g., email providers and social networks) adopted CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) as a countermeasure for automated attacks. The battle of wits between designers and attackers of CAPTCHAs led to current ones being annoying and hard to resolve for users, while still being vulnerabl...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015