Modern software systems frequently store and manipulate personal data, such as location, credit card information or medical history. Guaranteeing the confidentiality of such private data is necessary to protect the users of these systems. This aim is complicated by side channel attacks, which have been increasingly demonstrated as a practical threat to the secrecy of personal user information. Side channel attacks use non-functional properties of the program’s output such as time or memory consumption to obtain information about private data.
These side-channels are not detectable with any current program analysis approach. I will end my talk with a discussion of an automated technique for inducing and evaluating JIT-based side channels.