Communication between the client side and server side in web applications is a threat to users' private data because of side-channel leakage. Attackers can infer sensitive information from the network traffic generated during the communication, based on packet sizes and sequence structure. Here we present a new technique, based on verification and quantitative information flow, for the analysis of these side channels in web applications. The technique is implemented in a tool, called SideAuto, whose applicability to a variety of web applications is demonstrated. SideAuto aims to perform fully automatic analysis of side-channel leakage. Core to this aim is the generation of test cases without manual work by the developer. Our technique applies primarily to web applications built on the Apache Struts framework.