From trash to treasure: timing-sensitive garbage collection

Mathias V. Pedersen and Aslan Askarov

In Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P'17)

Abstract: This paper studies information flows via timing channels in the presence of automatic memory management. We construct a series of example attacks that illustrate that garbage collectors form a shared resource that can be used to reliably leak sensitive information at a rate of up to 1 byte/sec on a contemporary general-purpose computer. The created channel is also observable across a network connection in a datacenter-like setting. We subsequently present a design of automatic memory management that is provably resilient against such attacks.

Paper PDF

Auxiliary material: