Organizer: Nina Bindel
Timing side-channel attacks constitute a severe threat to the security of computer systems. During such an attack, the attacker exploits timing side-channel vulnerabilities, particular patterns in system's implementation that result in leakage of secret information. Program analysis offers a lot of opportunities for analyzing implementations of software systems. In this talk, we present our program analysis for detection of timing side-channel vulnerabilities in Java programs. We demonstrate how our analysis can be used for detection of vulnerabilities in open-source cryptographic implementations in Java. We speak about opportunities offered by our approach, and discuss how we plan to explore them in CROSSING.