|
[1] N.Apthorpe,D.Reisman,S.Sundaresan,A.Narayanan,andN.Feamster.Spyingon the smart home: Privacy attacks and defenses on encrypted iot traffic. arXiv preprint arXiv:1708.05044, 2017. [2] A. Aydin, L. Bang, and T. Bultan. Automata-based model counting for string con- straints. In International Conference on Computer Aided Verification, pages 255– 272. Springer, 2015. [3] M. Backes, M. Dürmuth, S. Gerling, M. Pinkal, C. Sporleder, et al. Acoustic {Side- Channel} attacks on printers. In 19th USENIX Security Symposium (USENIX Secu- rity 10), 2010. [4] L.Bang,N.Rosner,andT.Bultan.Onlinesynthesisofadaptiveside-channelattacks based on noisy observations. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pages 307–322. IEEE, 2018. [5] G. Barthe, T. Rezk, and M. Warnier. Preventing timing leaks through transactional branching instructions. Electronic Notes in Theoretical Computer Science, 153(2): 33–55, 2006. [6] L.Batina,N.Mentens,andI.Verbauwhede.Side-channelissuesfordesigningsecure hardware implementations. In 11th IEEE International On-Line Testing Symposium, pages 118–121, 2005. doi: 10.1109/IOLTS.2005.64. [7] A. Bortz and D. Boneh. Exposing private information by timing web applications. In Proceedings of the 16th international conference on World Wide Web, pages 621– 628, 2007. [8] J. Cathalo, F. Koeune, and J.-J. Quisquater. A new type of timing attack: Applica- tion to gps. In International Workshop on Cryptographic Hardware and Embedded Systems, pages 291–303. Springer, 2003. [9] S. Chen, R. Wang, X. Wang, and K. Zhang. Side-channel leaks in web applications: A reality today, a challenge tomorrow. In 2010 IEEE Symposium on Security and Privacy, pages 191–206. IEEE, 2010. [10] S. Chen, F. Liu, Z. Mi, Y. Zhang, R. B. Lee, H. Chen, and X. Wang. Leveraging hardware transactional memory for cache side-channel defenses. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security, pages 601–608, 2018. [11] T. Chothia, Y. Kawamoto, and C. Novakovic. A tool for estimating information leakage. In International Conference on Computer Aided Verification, pages 690– 695. Springer, 2013. [12] T. Chothia, Y. Kawamoto, and C. Novakovic. Leakwatch: Estimating information leakage from java programs. In European Symposium on Research in Computer Security, pages 219–236. Springer, 2014. [13] J. Demme, R. Martin, A. Waksman, and S. Sethumadhavan. Side-channel vulner- ability factor: A metric for measuring information leakage. In 2012 39th Annual International Symposium on Computer Architecture (ISCA), pages 106–117, 2012. doi: 10.1109/ISCA.2012.6237010. [14] G. Doychev, B. Köpf, L. Mauborgne, and J. Reineke. Cacheaudit: A tool for the static analysis of cache side channels. ACM Transactions on information and system security (TISSEC), 18(1):1–32, 2015. [15] H. Eldib, C. Wang, and P. Schaumont. Smt-based verification of software counter- measures against side-channel attacks. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems, pages 62–77. Springer, 2014. [16] K. Gandolfi, C. Mourtel, and F. Olivier. Electromagnetic analysis: Concrete results. In International workshop on cryptographic hardware and embedded systems, pages 251–261. Springer, 2001. [17] D. Gullasch, E. Bangerter, and S. Krenn. Cache games–bringing access-based cache attacks on aes to practice. In 2011 IEEE Symposium on Security and Privacy, pages 490–505. IEEE, 2011. [18] S. Guo, M. Wu, and C. Wang. Adversarial symbolic execution for detecting concurrency-related cache timing leaks. In Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 377–388, 2018. [19] W. Hnath and J. Pettengill. Differential power analysis side-channel attacks in cryp- tography. Major Qualifying Project, Worcester Polytechnic Institute, 2010. [20] P. Kocher, J. Jaffe, and B. Jun. Differential power analysis. In Annual international cryptology conference, pages 388–397. Springer, 1999. [21] P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, et al. Spectre attacks: Exploiting speculative execution. In 2019 IEEE Symposium on Security and Privacy (SP), pages 1–19. IEEE, 2019. [22] P. C. Kocher. Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In Annual International Cryptology Conference, pages 104–113. Springer, 1996. [23] D. Kohlbrenner and H. Shacham. Trusted browsers for uncertain times. In 25th USENIX Security Symposium (USENIX Security 16), pages 463–480, Austin, TX, Aug. 2016. USENIX Association. ISBN 978-1-931971-32-4. [24] B. Köpf and D. Basin. An information-theoretic model for adaptive side-channel attacks. In Proceedings of the 14th ACM conference on Computer and communica- tions security, pages 286–296, 2007. [25] A. Levina, D. Sleptsova, and O. Zaitsev. Side-channel attacks and machine learning approach. In 2016 18th Conference of Open Innovations Association and Seminar on Information Security and Protection of Information Technology (FRUCT-ISPIT), pages 181–186, 2016. doi: 10.1109/FRUCT-ISPIT.2016.7561525. [26] M. E. Mazaheri, F. Taheri, and S. B. Sarmadi. Lurking eyes: A method to detect side-channel attacks on javascript and webassembly. In 2020 17th International ISC Conference on Information Security and Cryptology (ISCISC), pages 1–6. IEEE, 2020. [27] W. Melicher, B. Ur, S. M. Segreti, S. Komanduri, L. Bauer, N. Christin, and L. F. Cranor. Fast, lean, and accurate: Modeling password guessability using neural net- works. In 25th USENIX Security Symposium (USENIX Security 16), pages 175–191, 2016. [28] T. S. Messerges, E. A. Dabbish, and R. H. Sloan. Investigations of power analysis attacks on smartcards. Smartcard, 99:151–161, 1999. [29] A. Mosenia and N. K. Jha. A comprehensive study of security of internet-of-things. IEEE Transactions on Emerging Topics in Computing, 5(4):586–602, 2017. doi: 10.1109/TETC.2016.2606384. [30] S. Nilizadeh, Y. Noller, and C. S. Pasareanu. Diffuzz: Differential fuzzing for side- channel analysis. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE), pages 176–187, 2019. doi: 10.1109/ICSE.2019.00034. [31] Y. Noller, C. S. Păsăreanu, M. Böhme, Y. Sun, H. L. Nguyen, and L. Grunske. Hy- diff: Hybrid differential software analysis. In 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE), pages 1273–1285, 2020. [32] A. A. Pammu, K.-S. Chong, W.-G. Ho, and B.-H. Gwee. Interceptive side channel attack on aes-128 wireless communications for iot applications. In 2016 IEEE Asia Pacific Conference on Circuits and Systems (APCCAS), pages 650–653. IEEE, 2016. [33] C.S.Pasareanu,Q.-S.Phan,andP.Malacaria.Multi-runside-channelanalysisusing symbolic execution and max-smt. In 2016 IEEE 29th Computer Security Founda- tions Symposium (CSF), pages 387–400. IEEE, 2016. [34] H. Patel and R. O. Baldwin. Random forest profiling attack on advanced encryption standard. International Journal of Applied Cryptography, 3(2):181–194, 2014. [35] P. Ravi, S. S. Roy, A. Chattopadhyay, and S. Bhasin. Generic side-channel attacks on cca-secure lattice-based pke and kems. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2020(3):307–335, 2020. [36] P. Ravi, A. Chattopadhyay, and A. Baksi. Side-channel and fault-injection attacks over lattice-based post-quantum schemes (kyber, dilithium): Survey and new results. Cryptology ePrint Archive, 2022. [37] D. X. Song, D. Wagner, and X. Tian. Timing analysis of keystrokes and timing attacks on {SSH}. In 10th USENIX Security Symposium (USENIX Security 01), 2001. [38] C. S. Thirumalai and P. Viswanathan. Modelling a side channel resistant chan-pkc cryptomata for medical data security. Multimedia Tools and Applications, 78(18): 25977–25997, 2019. [39] A. Wei, Y. Deng, C. Yang, and L. Zhang. Free lunch for testing: Fuzzing deep- learning libraries from open source. arXiv preprint arXiv:2201.06589, 2022. [40] M. Wu, S. Guo, P. Schaumont, and C. Wang. Eliminating timing side-channel leaks using program repair. In Proceedings of the 27th ACM SIGSOFT International Sym- posium on Software Testing and Analysis, pages 15–26, 2018. [41] F. Y. Yuhou Lin, Shuwen Hsiao. On profiling runtime function call invocation of python script. 2019. [42] K. Zhang, Z. Li, R. Wang, X. Wang, and S. Chen. Sidebuster: automated detection and quantification of side-channel leaks in web application development. In Pro- ceedings of the 17th ACM conference on Computer and communications security, pages 595–606, 2010. |