Abstract
Two formal models for description of timing attacks are presented, studied and compared with other security concepts. The models are based on a timed process algebra and on a concept of observations which make visible only a part of a system behaviour. An intruder tries to deduce some private system activities from this partial information which contains also timing of actions. To obtain realistic security characterizations some limitations on observational power of the intruder are applied. It is assumed that the intruder has only limited time window to perform the attack or time of action occurrences can be measured only with a given limited precision.
Work supported by the grant VEGA 1/3105/06 and APVV-20-P04805.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bossi, A., et al.: Information Flow in Secure Contexts. Journal of Computer Security 13(3) (2005)
Bryans, J., Koutny, M., Ryan, P.: Modelling non-deducibility using Petri Nets. In: Proc. of the 2nd International Workshop on Security Issues with Petri Nets and other Computational Models (2004)
Bryans, J., et al.: Opacity Generalised to Transition Systems. CS-TR-868, University of Newcastle upon Tyne (2004)
Bossi, A., et al.: Refinement Operators and Information Flow Security. In: Proc. of SEFM’03, IEEE Computer Society Press, Los Alamitos (2003)
Gorrieri, R., Busi, N.: Positive Non-interference in Elementary and Trace Nets. In: Cortadella, J., Reisig, W. (eds.) ICATPN 2004. LNCS, vol. 3099, pp. 1–16. Springer, Heidelberg (2004)
Dhem, J.-F., et al.: A practical implementation of the timing attack. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, Springer, Heidelberg (2000)
Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proc. of the 7th ACM Conference on Computer and Communications Security (2000)
Gorrieri, R., Focardi, R.: Classification of Security Properties. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, Springer, Heidelberg (2001)
Focardi, R., Gorrieri, R., Martinelli, F.: Information flow analysis in a discrete-time process algebra. In: Proc. of the 13th Computer Security Foundation Workshop, IEEE Computer Society Press, Los Alamitos (2000)
Focardi, R., Gorrieri, R., Martinelli, F.: Real-Time information flow analysis. IEEE Journal on Selected Areas in Communications 21 (2003)
Gorrieri, R., Martinelli, F.: A simple framework for real-time cryptographic protocol analysis with compositional proof rules. Science of Computer Programing 50 (1-3) (2004)
Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: Proc. of the IEEE Symposium on Security and Privacy (1982)
Groote, J.F.: Transition Systems Specification with Negative Premises. In: Baeten, J.C.M., Klop, J.W. (eds.) CONCUR 1990. LNCS, vol. 458, Springer, Heidelberg (1990)
Gruska, D.P., Maggiolo-Schettini, A.: Process algebra for network communication. Fundamenta Informaticae 45 (2001)
Gruska, D., Maggiolo-Schettini, A.: Nested Timing Attacks. Proc. of FAST (2003)
Gruska, D.P.: Information Flow in Timing Attacks. In: Proc. of CS&P’04 (2004)
Gruska, D.P.: Network Information Flow. Fundamenta Informaticae 72 (2006)
Handschuh, H., Heys, H.M.: A timing attack on RC5. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, Springer, Heidelberg (1999)
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, Springer, Heidelberg (1996)
Milner, R.: Communication and concurrency. Prentice-Hall International, New York (1989)
Sabelfeld, A., Myers, A.C.: Language-Based Information Flow Security. IEEE Journal on Selected Areas in Communication 21(1) (2003)
Song, D., Wagner, D., Tian, X.: Timing analysis of Keystrokes and SSH timing attacks. In: Proc. of the 10th USENIX Security Symposium (2001)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gruska, D.P. (2007). Information-Flow Attacks Based on Limited Observations. In: Virbitskaite, I., Voronkov, A. (eds) Perspectives of Systems Informatics. PSI 2006. Lecture Notes in Computer Science, vol 4378. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70881-0_20
Download citation
DOI: https://doi.org/10.1007/978-3-540-70881-0_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70880-3
Online ISBN: 978-3-540-70881-0
eBook Packages: Computer ScienceComputer Science (R0)