{"id":21651853,"url":"https://github.com/hoytech/statistics-boxtest","last_synced_at":"2025-03-20T04:06:48.305Z","repository":{"id":4093408,"uuid":"5201074","full_name":"hoytech/Statistics-BoxTest","owner":"hoytech","description":"Simple timing measurement stats test","archived":false,"fork":false,"pushed_at":"2012-07-27T05:51:42.000Z","size":100,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-25T05:43:08.745Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hoytech.png","metadata":{"files":{"readme":"README.pod","changelog":"Changes","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-07-27T05:48:38.000Z","updated_at":"2014-09-09T04:15:27.000Z","dependencies_parsed_at":"2022-08-26T04:51:22.155Z","dependency_job_id":null,"html_url":"https://github.com/hoytech/Statistics-BoxTest","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoytech%2FStatistics-BoxTest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoytech%2FStatistics-BoxTest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoytech%2FStatistics-BoxTest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hoytech%2FStatistics-BoxTest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hoytech","download_url":"https://codeload.github.com/hoytech/Statistics-BoxTest/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244547606,"owners_count":20470103,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-25T07:49:51.958Z","updated_at":"2025-03-20T04:06:48.285Z","avatar_url":"https://github.com/hoytech.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"=encoding utf-8\n\n=head1 NAME\n\nStatistics::BoxTest - Simple timing measurement stats test\n\n\n=head1 SYNOPSIS\n\n    use Statistics::BoxTest;\n\n    my ($r, $summary) = Statistics::BoxTest::compare(\n                          dataset1 =\u003e $dataset1,\n                          dataset2 =\u003e $dataset2,\n                        );\n\n    ## $r is -1, 0, or 1\n\n\n\n=head1 DESCRIPTION\n\nThis module is a component of an attempt to replicate some experiments described in the paper \"Opportunities and Limits of Remote Timing Attacks\" by Scott Crosby, Dan Wallach, and Rudolf Riedi.\n\nThe box test works on the principle that network latency measurements tend to have a bimodal distribution. The first mode is a large, tight cluster of measurements in the bottom of the range representing the best-case where there is no significant network congestion and no interfering interrupts or page faults on the measuring or measured machines. The second mode is a higher-valued aggregate of all the sources of \"jitter\" that contribute to latency measurements. In other words, measurements with lower values tend to contain less noise than higher values (read the paper for a much more in-depth explanation).\n\n\n\n=head1 USAGE\n\nThis module contains a single function C\u003ccompare\u003e (not exported by default). It must be passed at least two arrayrefs, C\u003cdataset1\u003e and C\u003cdataset2\u003e.\n\nYou can optionally also pass C\u003cpercentile_low\u003e and C\u003cpercentile_high\u003e (called I\u003ci\u003e and I\u003cj\u003e in the paper). The defaults are 0 and 5 respectively. According to the paper, optimal values were less than 6.\n\nIn C\u003c$r\u003e, C\u003ccompare\u003e will return -1 if it thinks that C\u003cdataset1\u003e is lower than C\u003cdataset2\u003e, 1 if it thinks C\u003cdataset1\u003e is higher than C\u003cdataset2\u003e, and 0 if it didn't detect any difference.\n\nC\u003ccompare\u003e also returns C\u003c$summary\u003e which is an arrayref of arrayrefs representing the bounds of the boxes of the two datasets.\n\nC\u003ccompare\u003e will croak if the data-sets don't contain enough samples for your specified percentiles.\n\n\n\n=head1 NOTES\n\nIn order to minimise jitter added by your measurment machine, normally you would collect the measurements using a program written in C, and then use this module to analyze the measurements after the fact. Collecting timing data using perl is problematic because of the unpredictability of the perl run-time environment.\n\n\n\n\n\n=head1 SEE ALSO\n\nThere are many other statistics-related modules on CPAN, although see the paper for some insights into why tests like the Student's t-test that seem like they would be applicable have some issues with remote timing side-channels.\n\nL\u003cOpportunities and Limits of Remote Timing Attacks|http://www.cs.rice.edu/~dwallach/pub/crosby-timing2009.pdf\u003e - The very interesting paper that inspired this module\n\nL\u003cTime is on my Side|http://events.ccc.de/congress/2011/Fahrplan/events/4640.en.html\u003e - Exploiting Timing Side Channel Vulnerabilities on the Web\n\nL\u003cExploiting OpenBSD|http://sota.gen.nz/hawkes_openbsd.pdf\u003e - Interesting weaknesses of ASLR and stack canaries in the presence of timing side-channels\n\n\n\n\n=head1 AUTHOR\n\nDoug Hoyte, C\u003c\u003c \u003cdoug@hcsw.org\u003e \u003e\u003e\n\n\n\n=head1 COPYRIGHT \u0026 LICENSE\n\nCopyright 2012 Doug Hoyte.\n\nThis module is licensed under the same terms as perl itself.\n\n\n=cut\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhoytech%2Fstatistics-boxtest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhoytech%2Fstatistics-boxtest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhoytech%2Fstatistics-boxtest/lists"}