Detecting Hidden Storage Side Channel Vulnerabilities in Networked Applications
Side channels are communication channels that were not intended for communication and that accidentally leak information. A storage side channel leaks information through the content of the channel and not its timing behavior. Storage side channels are a large problem in networked applications since the output at the level of the protocol encoding (e.g., HTTP and HTML) often depends on data and control flow. The authors call such channels hidden because the output differences blend with the noise of the channel. Within a formal system model, they give a necessary and sufficient condition for such storage side channels to exist.