IMDEA Software

IMDEA initiative

Home > Events > Software Seminar Series > 2017 > Reasoning about aggregation of information

Itsaka Rakotonirina

Tuesday, March 14, 2017

10:45am Meeting room 302 (Mountain View), level 3

Itsaka Rakotonirina, Research Intern, IMDEA Software Institute

Reasoning about aggregation of information

Abstract:

Along with the conventional mathematic-driven approach of software security, 20 years of attacks harnessing the timing behaviour of programs to obtain secret data (timing attacks) pose a concerning threat to software systems. The complexity and the need for efficiency of softwares makes it difficult to expect constant-time implementations in general, requiring us to accept such leaks to some extent.

The border between unimpactful and critical leaks does not lie in the amount of information leaked by isolated runs of the software. Rather, the key criterion is the ability to aggregate different secret bits over and over through several executions. As the question of aggregation has not been tackled much in the literature, there is a need for techniques allowing to distinguish between critical and non-critical leaks: in this work we present a novel approach to help with this distinction.