JIT Leaks - Inducing Timing Side Channels through Just-In-Time Compilation
Offered By: IEEE via YouTube
Course Description
Overview
Explore the concept of JIT Leaks in this 17-minute IEEE conference talk. Delve into how just-in-time (JIT) compilation, essential for runtime performance in modern interpreted languages, can introduce timing side channels when input distribution is non-uniform. Learn about three attack models for harnessing these side channels and five vulnerability templates for detecting susceptible code fragments and predicates. Discover profiling algorithms designed to generate statistical information crucial for accurate attacker inference. Examine the systematic evaluation of JIT-based side channels in Java and JavaScript standard libraries using Oracle HotSpot Java Virtual Machine and Google V8 JavaScript engine. Investigate real-world examples of JIT-based side channels in the Apache Shiro security framework and GraphHopper route planning server, demonstrating their observability over the public Internet.
Syllabus
JIT Leaks: Inducing Timing Side Channels through Just-In-Time Compilation
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network