Abstract
The time it takes a program or its elementary operations to execute reveals a great deal about the data it manipulates. Using the RSA signature as an example, we have described how to attack software by observing its execution times, and how to counter these attacks by modifying the algorithm (data masking) or its implementation (time quantization, etc.). Processor cache memory provides another indirect channel of information : the time taken for a memory access reveals things about the memory cells that have recently been accessed, enabling attacks to be mounted, as we have shown with the AES encryption example. Programming in constant time (or, more precisely, in time independent of secret data) is one way of countering these attacks by observing time and caches. We have seen how to characterize it in terms of information flow and how to put it into practice. The lecture concluded with an overview of Spectre attacks, which combine cache observation and manipulation of speculative processor execution.
