Date Added: Feb 2011
Research has shown that timing side channels exist in web applications. An obvious, but problematic, mitigation for timing attacks is to delay the execution time to the worst case execution time, so that all requests have the same response time. On the upside, this prevents timing attacks as there are no differences in the response time any more. On the downside, this approach has a negative effect on performance, which may render the approach useless for many practical systems. In this paper, the authors propose a new strategy to prevent timing attacks in web applications with little impact on performance.