Dantas, Yuri GilYuri GilDantasHamann, TobiasTobiasHamannMantel, HeikoHeikoMantel2022-10-182022-10-182018-11-13Lecture Notes in Computer Science 11358 LNCS: 173-189 (2019-01-01)http://hdl.handle.net/11420/13801Timing side-channel attacks remain a major challenge for software security, in particular for cryptographic implementations. Multiple countermeasures against such attacks have been proposed over the last decades, including static and dynamic approaches. Although such countermeasures have been extensively studied in the literature, previous evaluations have mostly relied on simplified system settings. In this article, we provide a comparative evaluation of the effectiveness of both static and dynamic countermeasures in a realistic setting for Java programs. Our experimental setup considers the effects of the non-deterministic timing behavior introduced by the Java VM, in particular involving just-in-time compilation (JIT). Our empirical results indicate that such countermeasures vary heavily on how much they can reduce information leakage, and show that negative effects of non-deterministic timing behavior on their effectiveness are substantial.enInformatikConference Paper10.1007/978-3-030-18419-3_12Other