Options
Transforming out timing leaks, more or less
Publikationstyp
Conference Paper
Publikationsdatum
2015-09
Sprache
English
Author
Mantel, Heiko
First published in
Number in series
9326 LNSC
Start Page
447
End Page
467
Citation
Lecture Notes in Computer Science 9326 9326: 447-467 (2015)
Contribution to Conference
Publisher DOI
Scopus ID
Publisher
Springer
We experimentally evaluate program transformations for removing timing side-channel vulnerabilities wrt. security and overhead. Our study of four well-known transformations confirms that their performance overhead differs substantially. A novelty of our work is the empirical investigation of channel bandwidths, which clarifies that the transformations also differ wrt. how much security they add to a program. Interestingly, we observe such differences even between transformations that have been proven to establish timing-sensitive noninterference. Beyond clarification, our findings provide guidance for choosing a suitable transformation for removing timing side-channel vulnerabilities. Such guidance is needed because there is a trade-off between security and overhead, which makes choosing a suitable transformation non-trivial.
DDC Class
004: Informatik