Abstract : Timing side-channel vulnerabilities constitute a serious threat against privacy and confidentiality of data. In this article, we study the effects of bucketing, a previously proposed mitigation technique against timing side channels. We present two implementations of bucketing that reside at the application and at the kernel level, respectively. We experimentally evaluate the effectiveness of these implementations in a setting with non-deterministic timing behavior, a practically relevant setting that has not been studied before. Our results show that the impact of non-deterministic timing behavior is substantial. The bucket boundaries cannot be established sharply and this reduces the effectiveness of bucketing. Nevertheless, bucketing still provides a significant reduction of side-channel capacity.
https://hal.inria.fr/hal-02023728
Contributor : Hal Ifip <>
Submitted on : Thursday, February 21, 2019 - 4:08:42 PM Last modification on : Thursday, February 21, 2019 - 4:10:02 PM Long-term archiving on: : Wednesday, May 22, 2019 - 9:13:08 PM
Yuri Dantas, Richard Gay, Tobias Hamann, Heiko Mantel, Johannes Schickel. An Evaluation of Bucketing in Systems with Non-deterministic Timing Behavior. 33th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2018, Poznan, Poland. pp.323-338, ⟨10.1007/978-3-319-99828-2_23⟩. ⟨hal-02023728⟩