Options
A comparative study across static and dynamic side-channel countermeasures
Publikationstyp
Conference Paper
Date Issued
2018-11-13
Sprache
English
Author(s)
First published in
Number in series
11358 LNCS
Start Page
173
End Page
189
Citation
Lecture Notes in Computer Science 11358 LNCS: 173-189 (2019-01-01)
Contribution to Conference
Publisher DOI
Scopus ID
Publisher
Springer
Timing side-channel attacks remain a major challenge for software security, in particular for cryptographic implementations. Multiple countermeasures against such attacks have been proposed over the last decades, including static and dynamic approaches. Although such countermeasures have been extensively studied in the literature, previous evaluations have mostly relied on simplified system settings. In this article, we provide a comparative evaluation of the effectiveness of both static and dynamic countermeasures in a realistic setting for Java programs. Our experimental setup considers the effects of the non-deterministic timing behavior introduced by the Java VM, in particular involving just-in-time compilation (JIT). Our empirical results indicate that such countermeasures vary heavily on how much they can reduce information leakage, and show that negative effects of non-deterministic timing behavior on their effectiveness are substantial.
DDC Class
004: Informatik