https://github.com/hoytech/statistics-boxtest

Simple timing measurement stats test

=encoding utf-8

=head1 NAME

Statistics::BoxTest - Simple timing measurement stats test

=head1 SYNOPSIS

    use Statistics::BoxTest;

    my ($r, $summary) = Statistics::BoxTest::compare(
        dataset1 => $dataset1,
        dataset2 => $dataset2,
    );

    ## $r is -1, 0, or 1

=head1 DESCRIPTION

This module is a component of an attempt to replicate some experiments described in the paper "Opportunities and Limits of Remote Timing Attacks" by Scott Crosby, Dan Wallach, and Rudolf Riedi.

The box test works on the principle that network latency measurements tend to have a bimodal distribution. The first mode is a large, tight cluster of measurements in the bottom of the range representing the best-case where there is no significant network congestion and no interfering interrupts or page faults on the measuring or measured machines. The second mode is a higher-valued aggregate of all the sources of "jitter" that contribute to latency measurements. In other words, measurements with lower values tend to contain less noise than higher values (read the paper for a much more in-depth explanation).

=head1 USAGE

This module contains a single function C<compare> (not exported by default). It must be passed at least two arrayrefs, C<dataset1> and C<dataset2>.

You can optionally also pass C and C (called I and I in the paper). The defaults are 0 and 5 respectively. According to the paper, optimal values were less than 6.

In C<$r>, C<compare> will return -1 if it thinks that C<dataset1> is lower than C<dataset2>, 1 if it thinks C<dataset1> is higher than C<dataset2>, and 0 if it didn't detect any difference.

C<compare> also returns C<$summary> which is an arrayref of arrayrefs representing the bounds of the boxes of the two datasets.

C<compare> will croak if the data-sets don't contain enough samples for your specified percentiles.
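The box comparison described above, sketched in Python as an added example; it is not this module's code. The names C<low_pct>, C<high_pct>, C<box> and C<simulate> are hypothetical, the percentile-to-index rule is an assumption, and the latency samples are constructed. It returns -1 when the first dataset's box lies wholly below the second's, 1 for the reverse, and 0 when the boxes overlap.

```python
import random

def box(samples, low_pct=0, high_pct=5):
    """Return [low, high]: the sample values at the two percentiles."""
    if not 0 <= low_pct < high_pct <= 100:
        raise ValueError("need 0 <= low_pct < high_pct <= 100")
    s = sorted(samples)
    # Assumption: map a percentile to an index by truncation.
    lo_i = int((len(s) - 1) * low_pct / 100)
    hi_i = int((len(s) - 1) * high_pct / 100)
    if not s or hi_i <= lo_i:
        # Too few samples: both percentiles land on the same element.
        raise ValueError("not enough samples for these percentiles")
    return [s[lo_i], s[hi_i]]

def compare(dataset1, dataset2, low_pct=0, high_pct=5):
    """Return (r, summary): r is -1, 0 or 1; summary holds both boxes."""
    b1 = box(dataset1, low_pct, high_pct)
    b2 = box(dataset2, low_pct, high_pct)
    if b1[1] < b2[0]:
        r = -1   # dataset1's box is entirely below dataset2's
    elif b2[1] < b1[0]:
        r = 1    # dataset1's box is entirely above dataset2's
    else:
        r = 0    # boxes overlap: no difference detected
    return r, [b1, b2]

def simulate(base_us, n, seed):
    """Constructed bimodal latencies in microseconds: a tight fast
    mode just above base_us plus a wide jitter tail."""
    rng = random.Random(seed)
    out = []
    for _ in range(n):
        if rng.random() < 0.8:
            out.append(base_us + rng.uniform(0, 2))     # quiet path
        else:
            out.append(base_us + rng.uniform(20, 500))  # jitter
    return out

if __name__ == "__main__":
    fast = simulate(100.0, 1000, seed=1)   # constructed data
    slow = simulate(103.0, 1000, seed=2)   # 3 us slower code path
    same = simulate(100.0, 1000, seed=3)
    print(compare(fast, slow))  # boxes are disjoint despite the jitter tail
    print(compare(fast, same))  # boxes overlap
```

Run against timings of your own service, a non-zero result for two request classes that should take equal time indicates a measurable timing difference.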

=head1 NOTES

In order to minimise jitter added by your measurement machine, normally you would collect the measurements using a program written in C, and then use this module to analyze the measurements after the fact. Collecting timing data using perl is problematic because of the unpredictability of the perl run-time environment.

=head1 SEE ALSO

There are many other statistics-related modules on CPAN, although see the paper for some insights into why tests like the Student's t-test that seem like they would be applicable have some issues with remote timing side-channels.

L - The very interesting paper that inspired this module

L

L - Interesting weaknesses of ASLR and stack canaries in the presence of timing side-channels

=head1 AUTHOR

Doug Hoyte, C<< >>

=head1 COPYRIGHT & LICENSE

Copyright 2012 Doug Hoyte.

This module is licensed under the same terms as perl itself.

=cut