CWE-385: Covert Timing Channel
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
常见后果
影响范围: Confidentiality Other
技术影响: Read Application Data Other
说明: Information exposure.
潜在缓解措施
阶段: Architecture and Design
描述: Whenever possible, specify implementation strategies that do not introduce time variances in operations.
阶段: Implementation
描述: Often one can artificially manipulate the time which operations take or -- when operations occur -- can remove information from the attacker.
阶段: Implementation
描述: It is reasonable to add artificial or random delays so that the amount of CPU time consumed is independent of the action being taken by the application.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| Landwehr | - | Timing | - |
| CLASP | - | Covert Timing Channel | - |