Detecting Hidden Storage Side Channel Vulnerabilities in Networked Applications

  • Felix C. Freiling
  • Sebastian Schinzel
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 354)

Abstract

Side channels are communication channels that were not intended for communication and that accidentally leak information. A storage side channel leaks information through the content of the channel and not its timing behavior. Storage side channels are a large problem in networked applications since the output at the level of the protocol encoding (e.g., HTTP and HTML) often depends on data and control flow. We call such channels hidden because the output differences blend with the noise of the channel. Within a formal system model, we give a necessary and sufficient condition for such storage side channels to exist. Based on this condition, we develop a method to detect this kind of side channel. The method is based on systematic comparisons of network responses of web applications. We show that this method is useful in practice by exhibiting hidden storage side channels in three well-known web applications: Typo3, Postfix Admin, and Zenith Image Gallery.

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Felix C. Freiling (1)
  • Sebastian Schinzel (1)
  1. Laboratory for Dependable Distributed Systems, University of Mannheim, Germany