English
Related papers

Related papers: Quantifying Timing Leaks and Cost Optimisation

200 papers

Timing side-channel attacks exploit secret-dependent execution time to fully or partially recover secrets of cryptographic implementations, posing a severe threat to software security. Constant-time programming discipline is an effective…

Cryptography and Security · Computer Science 2024-02-22 Luwei Cai , Fu Song , Taolue Chen

Process mining employs event logs to provide insights into the actual processes. Event logs are recorded by information systems and contain valuable information helping organizations to improve their processes. However, these data also…

Databases · Computer Science 2020-12-23 Majid Rafiei , Wil M. P. van der Aalst

Secure software architecture is increasingly important in a data-driven world. When security is neglected sensitive information might leak through unauthorized access. To mitigate this software architects needs tools and methods to quantify…

Software Engineering · Computer Science 2024-01-17 Rasmus Carl Rønneberg

Constant-time programming is a countermeasure to prevent cache based attacks where programs should not perform memory accesses that depend on secrets. In some cases this policy can be safely relaxed if one can prove that the program does…

Cryptography and Security · Computer Science 2023-06-22 Cristian Ene , Laurent Mounier , Marie-Laure Potet

Information flow analysis is a powerful technique for reasoning about the sensitive information exposed by a program during its execution. While past work has proposed information theoretic metrics (e.g., Shannon entropy, min-entropy,…

Cryptography and Security · Computer Science 2010-09-22 Ji Zhu , Mudhakar Srivatsa

Detecting and resolving violations of temporal constraints in real-time systems is both, time-consuming and resource-intensive, particularly in complex software environments. Measurement-based approaches are widely used during development,…

Operating Systems · Computer Science 2025-07-31 Benno Bielmeier , Ralf Ramsauer , Takahiro Yoshida , Wolfgang Mauerer

Side channels represent a broad class of security vulnerabilities that have been demonstrated to exist in many applications. Because completely eliminating side channels often leads to prohibitively high overhead, there is a need for a…

Information Theory · Computer Science 2020-04-20 Benjamin Wu , Aaron B. Wagner , G. Edward Suh

Physical implementations of cryptographic algorithms leak information, which makes them vulnerable to so-called side-channel attacks. The problem of secure computation in the presence of leakage is generally known as leakage resilience. In…

Quantum Physics · Physics 2014-05-01 Felipe G. Lacerda , Joseph M. Renes , Renato Renner

Many physical systems considered promising qubit candidates are not, in fact, two-level systems. Such systems can leak out of the preferred computational states, leading to errors on any qubits that interact with leaked qubits. Without…

Quantum Physics · Physics 2013-10-09 Austin G. Fowler

This work aims to solve a practical problem, i.e., how to quantify the risk brought upon a system by different attackers. The answer is useful for optimising resource allocation for system defence. Given a set of safety requirements, we…

Logic in Computer Science · Computer Science 2018-11-27 Eric Rothstein-Morris , Sun Jun

The PQDSS standardization process requires cryptographic primitives to be free from vulnerabilities, including timing and cache side-channels. Resistance to timing leakage is therefore an essential property, and achieving this typically…

Conformance checking quantifies the deviations between a set of traces in a given process log and a set of possible traces defined by a process model. Current approaches mostly focus on added or missing events. Lately, multi-perspective…

Software Engineering · Computer Science 2020-08-18 Florian Stertz , Juergen Mangler , Stefanie Rinderle-Ma

We propose an operational measure of information leakage in a non-stochastic setting to formalize privacy against a brute-force guessing adversary. We use uncertain variables, non-probabilistic counterparts of random variables, to construct…

Information Theory · Computer Science 2021-01-29 Farhad Farokhi , Ni Ding

The `security index' of a discrete-time LTI system under sensor attacks is introduced as a quantitative measure on the security of an observable system. We derive ideas from error control coding theory to provide sufficient conditions for…

Systems and Control · Computer Science 2016-08-26 Michelle S. Chong , Margreta Kuijper

Secure applications implement software protections against side-channel and physical attacks. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source…

Cryptography and Security · Computer Science 2021-01-18 Son Tuan Vu , Albert Cohen , Karine Heydemann , Arnaud de Grandmaison , Christophe Guillon

Information leakage can have dramatic consequences on the security of real-time systems. Timing leaks occur when an attacker is able to infer private behavior depending on timing information. In this work, we propose a definition of…

Logic in Computer Science · Computer Science 2024-03-13 Étienne André , Engel Lefaucheux , Dylan Marinho

We introduce a novel adversarial model for scheduling with explorable uncertainty. In this model, the processing time of a job can potentially be reduced (by an a priori unknown amount) by testing the job. Testing a job $j$ takes one unit…

Data Structures and Algorithms · Computer Science 2020-05-15 Christoph Dürr , Thomas Erlebach , Nicole Megow , Julie Meißner

As more attention is paid to security in the context of control systems and as attacks occur to real control systems throughout the world, it has become clear that some of the most nefarious attacks are those that evade detection. The term…

Systems and Control · Computer Science 2019-06-04 Carlos Murguia , Iman Shames , Justin Ruths , Dragan Nesic

Selective data protection is a promising technique to defend against the data leakage attack. In this paper, we revisit technical challenges that were neglected when applying this protection to real applications. These challenges include…

Cryptography and Security · Computer Science 2021-06-01 Lin Ma , Jinyan Xu , Jiadong Sun , Yajin Zhou , Xun Xie , Wenbo Shen , Rui Chang , Kui Ren

The security of control systems under sensor attacks is investigated. Redundant observability is introduced, explaining existing security notions including the security index, attack detectability, and observability under attacks.…

Systems and Control · Computer Science 2021-01-11 Chanhwa Lee , Hyungbo Shim , Yongsoon Eun