TimeInspector: a static analysis approach for detecting timing attacks

We present a static analysis approach to detect malicious binaries that are capable of carrying out a timing attack. The proposed approach is based on a simple observation that the timing attacks typically operate by measuring the execution times of short sequences of instructions. Consequently, given a binary, we first construct the control flow graph of the binary and then determine the paths between the pairs of time readings, on which a suspiciously low number of instructions might be executed. In the presence of such a path, we mark the binary as potentially malicious and report all the suspicious paths identified. In the experiments, where a collection of benign and malicious binaries were used, the proposed approach correctly detected all the malicious binaries with an accuracy up to 99.5% and without any false negatives