Transforming out timing leaks 论文
2000引用 339
Security and Verification in ComputingAdvanced Malware Detection TechniquesDistributed systems and fault tolerance
摘要
One aspect of security in mobile code is privacy: private (or secret) data should not be leaked to unauthorised agents. Most of the work on secure information flow has until recently only been concerned with detecting direct and indirect flows. Secret information can however be leaked to the attacker also through covert channels. It is very reasonable to assume that the attacker, even as an external observer, can monitor the timing (including termination) behaviour of the program. Thus to claim a program secure, the security analysis must take also these into account.