Timing Attacks for Recovering Private Entries From Database Engines (RSA Conference)

Timing Attacks for Recovering Private Entries From Database Engines (RSA Conference)

Monday, April 7, 2008
Ariel Waissbein. Joint work with Ariel Futoransky, Damian Saura and Pedro Varangot
RSA Conference 2008

Data security breaches are mostly due to the exploitation of bugs in front-end web applications. CoreLabs devised an attack that works without requiring the existence of implementation bugs or security misconfigurations in the database. The researchers will explain how this technique makes it possible to extract private data from a database by performing record insertion operations.

Keywords

Timing attacks, Database Management Systems, MySQL, MS SQL, B-trees.

Attachment: