Papers about timing attacks on garbage collectors Lassi Kortela (14 Sep 2019 20:22 UTC)
Papers about timing attacks on garbage collectors Lassi Kortela 14 Sep 2019 20:22 UTC
Existing timing attacks on garbage collectors from Google Scholar:
<http://www.ieee-security.org/TC/SP2017/papers/258.pdf>
From trash to treasure: timing-sensitive garbage collection (2017)
Abstract: "This paper studies information flows via
timingchannels in the presence of automatic memory management.
Weconstruct a series of example attacks that illustrate that
garbagecollectors form a shared resource that can be used to
reliablyleak sensitive information at a rate of up to 1
byte/sec on acontemporary general-purpose computer. The created
channel isalso observable across a network connection in a
datacenter-likesetting. We subsequently present a design of
automatic memorymanagement that is provably resilient against
such attacks."
Eliminating Cache-Based Timing Attacks with Instruction-Based Scheduling
(2013)
<http://amitlevy.com/papers/eliminating-esorics2013.pdf>
Excerpt from the paper: "Though GHC already inserts many safe points as
a meansof invoking the garbage collector (via the scheduler), tight
loops that do not perform anyallocation are known to hang execution [1].
Addressing this eight-year old bug, whichwould otherwise be a security
concern in LIO, we modified the compiler to insert safepoints on
function entry points. This modification, integrated in the mainline
GHC, hasalmost no effect on performance and only a 7% bloat in average
binary size."