Clockwork: Tracking Remote Timing Attacks
By Iulia Bastys, Musard Balliu, Tamara Rezk, Andrei Sabelfeld.
In Proceedings of the IEEE Computer Security Foundations Symposium (CSF), June 2020.
Timing leaks have been a major concern for the security community. A common
approach is to prevent secrets from affecting the execution time, thus
achieving security with respect to a strong, local attacker who can measure the
timing of program runs. However, this approach becomes restrictive as soon as
programs branch on a secret.
This paper focuses on timing leaks under remote execution. A key difference is
that the remote attacker does not have a reference point of when a program run
has started or finished, which significantly restricts attacker capabilities.
We propose an extensional security characterization that captures the essence
of remote timing attacks. We identify patterns of combining clock access,
secret branching, and output in a way that leads to timing leaks. Based on
these patterns, we design Clockwork, a monitor that rules out remote timing
leaks. We implement the approach for JavaScript, leveraging JSFlow, a
state-of-the-art information flow tracker. We demonstrate the feasibility of
the approach on case studies with IFTTT, a popular IoT app platform, and VJSC,
an advanced JavaScript library for e-voting.
[Paper] [Full version]
Supplementary material
Download the set of benchmarks and the dynamic monitor.