通过异常机制检测泄漏

2022 International Conference on Advanced Aspects of Software Engineering (ICAASE) Pub Date : 2022-09-17 DOI:10.1109/ICAASE56196.2022.9931592

Salim Yahia Kissi, Yassamine Seladji, R. Ameur-Boulifa

{"title":"通过异常机制检测泄漏","authors":"Salim Yahia Kissi, Yassamine Seladji, R. Ameur-Boulifa","doi":"10.1109/ICAASE56196.2022.9931592","DOIUrl":null,"url":null,"abstract":"A timing attack is a security exploit that allows an attacker to discover vulnerabilities in the security of a computer or network system by analysing the execution time of algorithms. This is because each operation in a program takes time to be executed, and this time may vary depending on its inputs and the characteristics of the microprocessor on which it runs. With accurate time measurements for each operation, it may be possible for an attacker to discover secrets through the analysis of the execution time of a program. This paper presents an automatable approach for detecting information leakage in programs through timing information. It is based on the Z3-SMT solver. It allows to detect vulnerabilities in a software code according to a given security specification and target architecture. This paper also features some research issues that will be addressed during my thesis.","PeriodicalId":206411,"journal":{"name":"2022 International Conference on Advanced Aspects of Software Engineering (ICAASE)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Detection of leaks through exception mechanisms\",\"authors\":\"Salim Yahia Kissi, Yassamine Seladji, R. Ameur-Boulifa\",\"doi\":\"10.1109/ICAASE56196.2022.9931592\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A timing attack is a security exploit that allows an attacker to discover vulnerabilities in the security of a computer or network system by analysing the execution time of algorithms. This is because each operation in a program takes time to be executed, and this time may vary depending on its inputs and the characteristics of the microprocessor on which it runs. With accurate time measurements for each operation, it may be possible for an attacker to discover secrets through the analysis of the execution time of a program. This paper presents an automatable approach for detecting information leakage in programs through timing information. It is based on the Z3-SMT solver. It allows to detect vulnerabilities in a software code according to a given security specification and target architecture. This paper also features some research issues that will be addressed during my thesis.\",\"PeriodicalId\":206411,\"journal\":{\"name\":\"2022 International Conference on Advanced Aspects of Software Engineering (ICAASE)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-09-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 International Conference on Advanced Aspects of Software Engineering (ICAASE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICAASE56196.2022.9931592\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Conference on Advanced Aspects of Software Engineering (ICAASE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAASE56196.2022.9931592","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

定时攻击是一种安全漏洞，允许攻击者通过分析算法的执行时间来发现计算机或网络系统的安全漏洞。这是因为程序中的每个操作都需要时间来执行，而这个时间可能取决于它的输入和运行它的微处理器的特性。通过对每个操作进行精确的时间测量，攻击者就有可能通过分析程序的执行时间来发现秘密。本文提出了一种通过时序信息自动检测程序中信息泄漏的方法。它是基于Z3-SMT求解器。它允许根据给定的安全规范和目标体系结构检测软件代码中的漏洞。这篇论文也有一些研究问题，将在我的论文中解决。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Detection of leaks through exception mechanisms

A timing attack is a security exploit that allows an attacker to discover vulnerabilities in the security of a computer or network system by analysing the execution time of algorithms. This is because each operation in a program takes time to be executed, and this time may vary depending on its inputs and the characteristics of the microprocessor on which it runs. With accurate time measurements for each operation, it may be possible for an attacker to discover secrets through the analysis of the execution time of a program. This paper presents an automatable approach for detecting information leakage in programs through timing information. It is based on the Z3-SMT solver. It allows to detect vulnerabilities in a software code according to a given security specification and target architecture. This paper also features some research issues that will be addressed during my thesis.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2022 International Conference on Advanced Aspects of Software Engineering (ICAASE)

自引率

0.00%

发文量