Information-Flow Attacks Based on Limited Observations

Gruska, Damas P.

doi:10.1007/978-3-540-70881-0_20

Damas P. Gruska¹

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 4378))

Included in the following conference series:

International Andrei Ershov Memorial Conference on Perspectives of System Informatics

533 Accesses

Abstract

Two formal models for description of timing attacks are presented, studied and compared with other security concepts. The models are based on a timed process algebra and on a concept of observations which make visible only a part of a system behaviour. An intruder tries to deduce some private system activities from this partial information which contains also timing of actions. To obtain realistic security characterizations some limitations on observational power of the intruder are applied. It is assumed that the intruder has only limited time window to perform the attack or time of action occurrences can be measured only with a given limited precision.

Work supported by the grant VEGA 1/3105/06 and APVV-20-P04805.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bossi, A., et al.: Information Flow in Secure Contexts. Journal of Computer Security 13(3) (2005)
Google Scholar
Bryans, J., Koutny, M., Ryan, P.: Modelling non-deducibility using Petri Nets. In: Proc. of the 2nd International Workshop on Security Issues with Petri Nets and other Computational Models (2004)
Google Scholar
Bryans, J., et al.: Opacity Generalised to Transition Systems. CS-TR-868, University of Newcastle upon Tyne (2004)
Google Scholar
Bossi, A., et al.: Refinement Operators and Information Flow Security. In: Proc. of SEFM’03, IEEE Computer Society Press, Los Alamitos (2003)
Google Scholar
Gorrieri, R., Busi, N.: Positive Non-interference in Elementary and Trace Nets. In: Cortadella, J., Reisig, W. (eds.) ICATPN 2004. LNCS, vol. 3099, pp. 1–16. Springer, Heidelberg (2004)
Google Scholar
Dhem, J.-F., et al.: A practical implementation of the timing attack. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, Springer, Heidelberg (2000)
Google Scholar
Felten, E.W., Schneider, M.A.: Timing attacks on web privacy. In: Proc. of the 7^th ACM Conference on Computer and Communications Security (2000)
Google Scholar
Gorrieri, R., Focardi, R.: Classification of Security Properties. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, Springer, Heidelberg (2001)
Google Scholar
Focardi, R., Gorrieri, R., Martinelli, F.: Information flow analysis in a discrete-time process algebra. In: Proc. of the 13^th Computer Security Foundation Workshop, IEEE Computer Society Press, Los Alamitos (2000)
Google Scholar
Focardi, R., Gorrieri, R., Martinelli, F.: Real-Time information flow analysis. IEEE Journal on Selected Areas in Communications 21 (2003)
Google Scholar
Gorrieri, R., Martinelli, F.: A simple framework for real-time cryptographic protocol analysis with compositional proof rules. Science of Computer Programing 50 (1-3) (2004)
Google Scholar
Goguen, J.A., Meseguer, J.: Security Policies and Security Models. In: Proc. of the IEEE Symposium on Security and Privacy (1982)
Google Scholar
Groote, J.F.: Transition Systems Specification with Negative Premises. In: Baeten, J.C.M., Klop, J.W. (eds.) CONCUR 1990. LNCS, vol. 458, Springer, Heidelberg (1990)
Google Scholar
Gruska, D.P., Maggiolo-Schettini, A.: Process algebra for network communication. Fundamenta Informaticae 45 (2001)
Google Scholar
Gruska, D., Maggiolo-Schettini, A.: Nested Timing Attacks. Proc. of FAST (2003)
Google Scholar
Gruska, D.P.: Information Flow in Timing Attacks. In: Proc. of CS&P’04 (2004)
Google Scholar
Gruska, D.P.: Network Information Flow. Fundamenta Informaticae 72 (2006)
Google Scholar
Handschuh, H., Heys, H.M.: A timing attack on RC5. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, Springer, Heidelberg (1999)
Chapter Google Scholar
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, Springer, Heidelberg (1996)
Google Scholar
Milner, R.: Communication and concurrency. Prentice-Hall International, New York (1989)
MATH Google Scholar
Sabelfeld, A., Myers, A.C.: Language-Based Information Flow Security. IEEE Journal on Selected Areas in Communication 21(1) (2003)
Google Scholar
Song, D., Wagner, D., Tian, X.: Timing analysis of Keystrokes and SSH timing attacks. In: Proc. of the 10th USENIX Security Symposium (2001)
Google Scholar

Download references

Author information

Authors and Affiliations

Institute of Informatics, Comenius University, Mlynska dolina, 842 48 Bratislava, Slovakia
Damas P. Gruska

Authors

Damas P. Gruska
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Irina Virbitskaite Andrei Voronkov

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Gruska, D.P. (2007). Information-Flow Attacks Based on Limited Observations. In: Virbitskaite, I., Voronkov, A. (eds) Perspectives of Systems Informatics. PSI 2006. Lecture Notes in Computer Science, vol 4378. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70881-0_20

Download citation

DOI: https://doi.org/10.1007/978-3-540-70881-0_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70880-3
Online ISBN: 978-3-540-70881-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics