Peter Chapman’s CCS talk on Side-Channel Analysis (and Guinness!)
20 October 2011
Peter Chapman presented our work on side-channel analysis for web applications at CCS yesterday. His slides are available here: [PPTX] [PDF].
It provides an automated way to analyze a web application for side-channel vulnerabilities, as well as a better metric for quantifying those vulnerabilities (that may have applications to many other areas where it is important to know how well states can be distinguished). It is described in more detail in this paper: Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications (and earlier post), but for the important connection to Guinness you need to view the slides. The tool is also freely available at http://www.cs.virginia.edu/sca/ (with a tutorial explaining how to use it!)