Toward securing sensor clouds
2011
2011 International Conference on Collaboration Technologies and Systems (CTS)
proper, and (iii) Defense against the side-channel analysis on the Software-as-a-Service infrastructure. ...
In previous work, we have proposed a large-scale brokering framework, and we are researching several facets of securing sensors in the context of this framework. ...
Mitigating Side-channel Leaks from Web Applications Our research, as elaborated in our prior paper [6], indicates that mitigation of the side channel problem in web applications is nontrivial. ...
doi:10.1109/cts.2011.5928699
dblp:conf/cts/KapadiaMWF11
fatcat:bhf45zqqszgybcxv25qgo7fb5e
Automated black-box detection of side-channel vulnerabilities in web applications
2011
Proceedings of the 18th ACM conference on Computer and communications security - CCS '11
The frequent and highly dynamic client-server communication that is characteristic of modern web applications leaves them vulnerable to side-channel leaks, even over encrypted connections. ...
Our results illustrate the limitations of entropy measurements used in previous work and show how our new metric based on the Fisher criterion can be used to more robustly reveal side-channels in web applications ...
Acknowledgments The authors thank Shuo Chen and XiaoFeng Wang for introducing us to the interesting problem of web application side-channel leaks. ...
doi:10.1145/2046707.2046737
dblp:conf/ccs/ChapmanE11
fatcat:ogy72hxlvreqjovua5squpb2d4
Data-Driven Debugging for Functional Side Channels
[article]
2020
arXiv
pre-print
Information leaks through side channels are a pervasive problem, even in security-critical applications. ...
We focus on the case of noisy observations, where we demonstrate with examples that there is a practical functional side channel in programs that would be deemed information-leak-free or be underestimated ...
We propose decision tree algorithms to pinpoint locations in the program that contribute to the side channels. ...
arXiv:1808.10502v2
fatcat:gou2n4slinha7jv7zxjczgmnsm
RT-Sniper: A Low-Overhead Defense Mechanism Pinpointing Cache Side-Channel Attacks
2021
Electronics
Since cache side-channel attacks have been serious security threats to multi-tenant systems, there have been several studies to protect systems against the attacks. ...
Compared to the previous defense solutions against cache side-channel attacks, RT-Sniper exhibits better detection performance with lower performance overhead. ...
As previous research disclosed how the cache side-channel attacks can leak secret data (e.g., encryption keys) from the encryption applications, we also study the similar attacker-victim models to evaluate ...
doi:10.3390/electronics10222748
fatcat:yfx37rru2nb7lixmw2p6pgsmfq
Can Content-Based Data Loss Prevention Solutions Prevent Data Leakage in Web Traffic?
2015
IEEE Security and Privacy
Acknowledgments This work was partially supported by the Zurich Information Security Center at ETH Zurich and represents only the views of the authors. ...
[6] [7] [8] [9] Unless an organization is aware of such side channels, this type of leakage is extremely hard to prevent. ...
Leakage via Covert Channels Covert channels are the most challenging strategy to defend against because leaked data isn't directly transmitted in the URL, header, or body. ...
doi:10.1109/msp.2015.88
fatcat:smbcxxpbdndalenazsfatxolwu
Nomad
2015
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15
cloud applications such as web services and Hadoop MapReduce. ...
In designing Nomad, we make four key contributions: (1) a formal model to capture information leakage via side channels in shared cloud deployments; (2) identifying provider-assisted VM migration as a ...
In this case, we suggest using other side-channel defenses in conjunction with Nomad (i.e., a general side-channel solution) to strengthen defenses against evolving side channels. ...
doi:10.1145/2810103.2813706
dblp:conf/ccs/MoonSR15
fatcat:xo4klwredngzxprpoksm4szbmi
Abusing Hidden Properties to Attack the Node.js Ecosystem
2021
USENIX Security Symposium
Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of ONR, DARPA, or NSF. ...
This material was supported in part by the Office of Naval Research (ONR) under grants N00014-17-1-2895, N00014-15-1-2162, N00014-18-1-2662 and N00014-20-1-2734, the Defense Advanced Research Projects ...
[41] propose two new side-channel attacks in JavaScript to automatically infer host information. In contrast to related work, we focus on vulnerabilities in the server-side Node.js programs. ...
dblp:conf/uss/XiaoHXY0GL21
fatcat:lmgsxzo7pzdvtdpii35hivchd4
Did we learn from LLC Side Channel Attacks? A Cache Leakage Detection Tool for Crypto Libraries
[article]
2017
arXiv
pre-print
If dependence is observed, the cryptographic implementation is classified as to leak information. ...
information that lead to key extraction. ...
MI has been used in prior work for side channel attacks and leakage quantification. Gierlichs et al. [19] utilize MI as a side channel distinguisher to mount differential side channel attacks. ...
arXiv:1709.01552v1
fatcat:taa6yk3vffdqpibhgzavx2iseq
Identifying Information Disclosure in Web Applications with Retroactive Auditing
2014
USENIX Symposium on Operating Systems Design and Implementation
Porting three existing web applications required fewer than 25 lines of code changes per application. ...
Rail is a framework for building web applications that can precisely identify inappropriately disclosed data after a vulnerability is discovered. ...
In particular, the paper describes the design of a new system, named Rail (Retroactive Auditing for Information Leakage), that can precisely identify whose information was leaked in the context of web ...
dblp:conf/osdi/ChenKWZK14
fatcat:lsii355ncjgazpa77glbyq4mqy
Fine-grained privilege separation for web applications
2010
Proceedings of the 19th international conference on World wide web - WWW '10
In our model, the web framework enforces privilege separation and isolation of web applications by requiring the use of an object-capability language and providing interfaces that expose limited, explicitly-specified ...
In our model, applications are divided into isolated, privilege-separated components, enabling rich security policies to be enforced in a way that can be checked by reviewers. ...
The privacy property makes no promises about information that might be leaked through covert channels. ...
doi:10.1145/1772690.1772747
dblp:conf/www/KrishnamurthyMW10
fatcat:spbajjsdjjc6nfhdremgqvsokm
I Know Where You've Been: Geo-Inference Attacks via the Browser Cache
2015
IEEE Internet Computing
In this paper, we demonstrate that such geolocation leakage channels are widely open in popular web applications today, including 62% of Alexa Top 100 websites. ...
Recently, mobile devices further allow web applications to directly read users' geo-location information from GPS sensors. ...
Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the views of the Ministry of Education, Singapore. ...
doi:10.1109/mic.2014.103
fatcat:p66nbov6tngcljbinymanr3jx4
Demystifying security and compatibility issues in Android Apps
[article]
2023
arXiv
pre-print
Existing mobile phones are not simply devices for making phone calls and receiving SMS messages, but powerful communication and entertainment platforms for web surfing, social networking, etc. ...
Even though the Android OS offers powerful communication and application execution capabilities, it is riddled with defects (e.g., security risks, and compatibility issues), new vulnerabilities come to ...
Such information can also be utilized to steal the PIN of a device through side-channel attacks (such as and [Giallanza et al., 2019]). ...
arXiv:2302.07467v1
fatcat:fipogt67urg4nmiousqtf2feca
Discriminating Traces with Time
[article]
2017
arXiv
pre-print
We demonstrate on three larger case studies how decision-tree discriminants produced by our tool are useful for debugging timing side-channel vulnerabilities (i.e., where a malicious observer infers secrets ...
zeroing-in on the program internals. ...
The timing information leak thus helped the attacker narrow down the possibilities from hundreds of users to six. Debugging Timing Side-Channels with Decision Tree Learning. ...
arXiv:1702.07103v1
fatcat:643osm7t6zennh6vy236niacwm
An Information Flow-Based Taxonomy to Understand the Nature of Software Vulnerabilities
[chapter]
2016
IFIP Advances in Information and Communication Technology
This paper presents a taxonomy that views vulnerabilities as fractures in the interpretation of information as it flows in the system. ...
The problem actually lies in a lack of understanding of the nature of vulnerabilities. ...
interacting with web applications by leveraging physical or side-effects of the system execution or communications. ...
doi:10.1007/978-3-319-33630-5_16
fatcat:7jw2tkptd5fzhe2q7s6n6taz7y
Push Attack: Binding Virtual and Real Identities Using Mobile Push Notifications
2018
Future Internet
Despite the cryptography used to protect these communication channels, the strict temporal binding between the actions that trigger the notifications and the reception of the notification messages in the ...
The push notification attack bypasses the standard ways of protecting user privacy based on the network layer by operating at the application level. ...
Privacy Implications The proposed attack is collocated in the wide area of privacy threats on encrypted traffic, often referred to as side-channel information leaks [8]. ...
doi:10.3390/fi10020013
fatcat:enkpvvaxujdjdlsdzigy65kiq4