Timing Attacks for Recovering Private Entries From Database Engines (RSA Conference)

Timing Attacks for Recovering Private Entries From Database Engines (RSA Conference)

Data security breaches are mostly due to the exploitation of bugs in front-end web applications. CoreLabs devised an attack that works without requiring the existence of implementation bugs or security misconfigurations in the database. The researchers will explain how this technique makes it possible to extract private data from a database by performing record insertion operations.

Keywords

Timing attacks, Database Management Systems, MySQL, MS SQL, B-trees.

Monday, April 7, 2008