Detection of leaks through exception mechanisms

A timing attack is a security exploit that allows an attacker to discover vulnerabilities in the security of a computer or network system by analysing the execution time of algorithms. This is because each operation in a program takes time to be executed, and this time may vary depending on its inputs and the characteristics of the microprocessor on which it runs. With accurate time measurements for each operation, it may be possible for an attacker to discover secrets through the analysis of the execution time of a program. This paper presents an automatable approach for detecting information leakage in programs through timing information. It is based on the Z3-SMT solver. It allows to detect vulnerabilities in a software code according to a given security specification and target architecture. This paper also features some research issues that will be addressed during my thesis.