

Information Leakage Vulnerabilities
An Introduction


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Overview
  • Nature of the Vulnerability:
    • Information is provided using an unintended mechanism
  • Nature of the Attack:
    • The attacker becomes aware of the unintended mechanism and makes use of it
Kinds of Mechanisms
  • Side Channels:
    • Timing Channels - information is inferred by measuring the time required to complete different operations
    • Storage Channels - information is inferred using properties of stored information (e.g., the names of files, the lengths of files)
  • Insecure Direct Object References:
    • Insecure references to secure information (e.g., a URL that results in an operation being performed on data with a particular ID leaks information about that ID and the identification scheme)
Mitigation
  • Tends to be application-specific
  • Cryptography and randomization tend to play an important role
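
An added example (not part of the original slides) of randomization applied to the insecure direct object reference case above: a lookup keyed on the raw record ID, beside a per-user map of random tokens. The record data and the names `fetch_direct` and `ReferenceMap` are hypothetical and constructed for this illustration.

```python
import secrets

# Constructed sample data: record ID -> (owner, contents).
RECORDS = {
    1001: ("alice", "alice's transcript"),
    1002: ("bob", "bob's transcript"),
    1003: ("carol", "carol's transcript"),
}


def fetch_direct(record_id):
    """Leaky 'before': the request carries the raw ID and no owner check is made."""
    entry = RECORDS.get(record_id)
    return entry[1] if entry else None


class ReferenceMap:
    """Hardened 'after': random per-user tokens stand in for database IDs."""

    def __init__(self):
        self._by_token = {}  # token -> (user, record_id)

    def issue(self, user, record_id):
        """Return an opaque token for a record the user owns, else None."""
        entry = RECORDS.get(record_id)
        if entry is None or entry[0] != user:
            return None
        token = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        self._by_token[token] = (user, record_id)
        return token

    def fetch(self, user, token):
        """Resolve a token; unknown tokens and other users' tokens get the same answer."""
        owner, record_id = self._by_token.get(token, (None, None))
        if owner is None or owner != user:
            return None
        return RECORDS[record_id][1]


if __name__ == "__main__":
    # The sequential ID reveals the scheme: 1002 is the neighbour of 1001.
    print(fetch_direct(1002))
    refs = ReferenceMap()
    token = refs.issue("alice", 1001)
    print(refs.fetch("alice", token), refs.fetch("bob", token))
```

The token carries no information about the ID or the identification scheme, and the owner check means a token that leaks is still useless to another user.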
There's Always More to Learn