Timing Attacks:
Identify tasks that take a measurable amount of time
Determine under which circumstances this task is executed
Determine if you can infer information about the underlying system
Race Conditions:
Identify tasks that assume single-threaded execution (file access, database access, ...)
Identify if there is a possible timing window that could be exploited
Make sure all computation paths take (nearly) the same amount of time
Always assume multi-threaded execution
Use file locks and database locks when performing critical operations
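
An added example (not part of the original page) for the timing-attack items and the "same amount of time" item above: a login check whose unknown-user path skips the slow password hash, next to a version where every path does the same work. The user store, function names and the KDF call counter (a deterministic stand-in for measured response time) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KDF_CALLS = 0  # instrumentation: counts expensive hash operations


def kdf(password: str, salt: bytes) -> bytes:
    """The slow task: a deliberately expensive password hash."""
    global KDF_CALLS
    KDF_CALLS += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": kdf(password, salt)}


# Constructed sample user store (not from the page).
USERS = {"alice": make_user("correct horse")}
# Dummy record so unknown usernames still cost one KDF run.
DUMMY = make_user("placeholder-never-matches")


def login_leaky(username: str, password: str) -> bool:
    user = USERS.get(username)
    if user is None:
        return False  # fast path: response time reveals the account is absent
    return kdf(password, user["salt"]) == user["hash"]  # not a constant-time compare


def login_uniform(username: str, password: str) -> bool:
    user = USERS.get(username)
    record = user if user is not None else DUMMY
    candidate = kdf(password, record["salt"])  # always do the slow work
    match = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    return match and user is not None


def kdf_cost(login, username: str, password: str) -> int:
    """Number of KDF runs one login attempt triggers (a proxy for its duration)."""
    global KDF_CALLS
    before = KDF_CALLS
    login(username, password)
    return KDF_CALLS - before
```
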