IMDEA Software


Software Seminar Series

Goran Doychev

Tuesday, November 26, 2013

11:00am Meeting room 302 (Mountain View), level 3

Goran Doychev, PhD Student, IMDEA Software Institute

Resolving Security Trade-Offs: Side-Channel Leakage vs. Cost

Abstract:

Side channels can often be eliminated easily, but they rarely are, because the cost of doing so is considerable. In practice, users are left with the task of finding a good trade-off between security and cost. I present ongoing work on resolving this trade-off, using economic reasoning to aid the decision-making process and quantitative information-flow analysis to obtain security guarantees for concrete implementations. We model the problem as a game between a user and an adversary, whose solution gives an optimal protection strategy for the user. Moreover, we improve previously known bounds on the probability of successful attacks, which results in tangible economic savings for users seeking formal protection for their systems. In a practical study, we demonstrate how a trade-off between security and cost can be obtained, using the example of countermeasures against timing attacks in the OpenSSL RSA implementation.