Title
Timing Attacks for Recovering Private Entries From Database Engines (RSA Conference)
Authors
Ariel Waissbein. Joint work with Ariel Futoransky, Damian Saura and Pedro Varangot
In
RSA Conference 2008. April 7-11, 2008. (HT1-302)
Date published
2008-04
Keywords
Timing attacks, Database Management Systems, MySQL, MS SQL, B-trees.

Abstract

Data security breaches are mostly due to the exploitation of bugs in front-end web applications. CoreLabs devised an attack that works without requiring the existence of implementation bugs or security misconfigurations in the database. The researchers will explain how this technique makes it possible to extract private data from a database by performing record insertion operations.

Attachments