Amphithéâtre Guillaume Budé, Site Marcelin Berthelot
Open to all

Abstract

The time it takes a program or its elementary operations to execute reveals a great deal about the data it manipulates. Using the RSA signature as an example, we'll see how to attack software by observing its execution times, and how to counter these attacks by modifying the algorithm (data masking) or its implementation (time quantization, etc.). Processor cache memory provides another indirect channel of information: the time taken for a memory access reveals things about the memory cells that have recently been accessed, enabling attacks to be mounted, as we shall see in the example of AES encryption. Constant-time programming (or, more precisely, time-independent programming) is one way of countering these attacks that observe time and caches. We'll see how to characterize it in terms of information flow and how to put it into practice. We'll finish with an overview of "Spectre"-type attacks, which combine cache observation and manipulation of speculative processor execution.
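
The secret-dependent branch behind the RSA timing channel, next to a time-independent rewrite, as an added example that is not taken from the lecture. The function names, the toy 32-bit modulus and the multiplication counter (used here as a stand-in for measured running time) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed proxy for running time: number of modular multiplications. */
static unsigned long mul_count;

/* Toy mulmod; '%' is not guaranteed constant-time on real CPUs (assumption). */
static uint32_t mulmod(uint32_t a, uint32_t b, uint32_t n) {
    mul_count++;
    return (uint32_t)(((uint64_t)a * b) % n);
}

/* Leaky square-and-multiply: the extra multiply runs only for 1 bits of exp. */
uint32_t modexp_leaky(uint32_t base, uint32_t exp, uint32_t n) {
    uint32_t r = 1 % n;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, n);
        if ((exp >> i) & 1)              /* control flow depends on the secret */
            r = mulmod(r, base, n);
    }
    return r;
}

/* Same result; no branch or address depends on exp: multiply, then mask-select. */
uint32_t modexp_ct(uint32_t base, uint32_t exp, uint32_t n) {
    uint32_t r = 1 % n;
    for (int i = 31; i >= 0; i--) {
        r = mulmod(r, r, n);
        uint32_t t = mulmod(r, base, n);
        uint32_t mask = (uint32_t)0 - ((exp >> i) & 1);  /* all zeros or all ones */
        r = (t & mask) | (r & ~mask);    /* check the compiled code stays branch-free */
    }
    return r;
}

/* Multiplications performed by f for a given secret exponent (hypothetical helper). */
unsigned long mul_cost(uint32_t (*f)(uint32_t, uint32_t, uint32_t), uint32_t exp) {
    mul_count = 0;
    (void)f(7, exp, 1000003u);
    return mul_count;
}

int main(void) {
    uint32_t exps[] = {0x00000001u, 0x0000FFFFu, 0xFFFFFFFFu};  /* constructed inputs */
    for (int i = 0; i < 3; i++)
        printf("exp=%08x leaky=%lu ct=%lu\n", (unsigned)exps[i],
               mul_cost(modexp_leaky, exps[i]), mul_cost(modexp_ct, exps[i]));
    return 0;
}
```

In the leaky version the operation count tracks the Hamming weight of the exponent, while the masked version performs the same work for every exponent.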