Enum AttackerModel 

pub enum AttackerModel {
    SharedHardware,
    PostQuantumSentinel,
    AdjacentNetwork,
    RemoteNetwork,
    Research,
    Custom {
        threshold_ns: f64,
    },
}
Attacker model determines the minimum effect threshold (θ) for leak detection.

Choose based on your threat model; this is the most important configuration choice. There is no single correct threshold; your choice is a statement about who you’re defending against.

§Sources

  • Crosby et al. (2009): “Opportunities and Limits of Remote Timing Attacks.” Reports ~100ns LAN accuracy, 15–100μs internet accuracy.
  • Van Goethem et al. (2020): “Timeless Timing Attacks” (USENIX Security). Achieved 100ns accuracy over the internet using HTTP/2 request multiplexing.
  • Flush+Reload, Prime+Probe literature: Documents cycle-level timing attacks on shared hardware (SGX, cross-VM, containers).

Variants§

SharedHardware

Attacker shares physical hardware with the target.

θ = 2 cycles (~0.6ns @ 3GHz)

Use for: SGX enclaves, cross-VM on shared cache, co-located containers, hyperthreading neighbors, shared hosting.

Sources: Flush+Reload, Prime+Probe literature

PostQuantumSentinel

Catch KyberSlash-class timing leaks in post-quantum cryptography.

θ = 10 cycles (~3.3ns @ 3GHz)

Use for: ML-KEM (Kyber), ML-DSA (Dilithium), and other lattice-based cryptography where ~20 cycle leaks have been shown exploitable.

This provides a 2x safety margin: set θ at 10 cycles to reliably catch 20+ cycle leaks.

Sources: KyberSlash (Jancar et al. 2024)

AdjacentNetwork

Attacker on same local network, or using HTTP/2 concurrent requests.

θ = 100ns

Use for: Internal services, microservices, or any HTTP/2 endpoint.

Note: “Timeless Timing Attacks” (USENIX 2020) achieved 100ns over the internet using HTTP/2 request multiplexing. The LAN/WAN distinction is weaker than previously thought.

Sources: Crosby et al. 2009 (LAN), Van Goethem et al. 2020 (HTTP/2)

RemoteNetwork

Attacker over the internet using traditional timing techniques.

θ = 50μs

Use for: Public APIs without HTTP/2, legacy services, high-jitter paths.

Sources: Crosby et al. 2009 (15-100μs range)

Research

Detect any measurable timing difference.

θ → 0 (clamped to timer resolution)

Warning: Will flag tiny, unexploitable differences. Not for CI.

Use for: Profiling, debugging, academic analysis, finding any leak.

Custom

Custom threshold in nanoseconds.

Fields

§threshold_ns: f64

Threshold in nanoseconds.
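
To show how the choice of variant changes the outcome for one and the same measurement, the following added example (not the crate's own code) mirrors the enum locally and applies the θ values documented above. `theta_ns`, `judge`, `Verdict`, the clock-frequency and timer-resolution parameters, and the interval rule are assumptions of this sketch; the crate's `to_threshold_ns` and its statistical test may differ.

```rust
// Added illustration: a local mirror of the documented enum, not the crate's code.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum AttackerModel {
    SharedHardware,
    PostQuantumSentinel,
    AdjacentNetwork,
    RemoteNetwork,
    Research,
    Custom { threshold_ns: f64 },
}

#[derive(Debug, PartialEq)]
pub enum Verdict { Pass, Fail, Inconclusive }

/// θ in nanoseconds, using the values documented above.
/// `cpu_ghz` and `timer_res_ns` are assumed inputs of this sketch.
pub fn theta_ns(model: AttackerModel, cpu_ghz: f64, timer_res_ns: f64) -> f64 {
    match model {
        AttackerModel::SharedHardware => 2.0 / cpu_ghz,       // 2 cycles
        AttackerModel::PostQuantumSentinel => 10.0 / cpu_ghz, // 10 cycles
        AttackerModel::AdjacentNetwork => 100.0,
        AttackerModel::RemoteNetwork => 50_000.0,             // 50 μs
        AttackerModel::Research => timer_res_ns,              // θ → 0, clamped
        AttackerModel::Custom { threshold_ns } => threshold_ns,
    }
}

/// Assumed decision rule: compare a confidence interval on the absolute
/// timing difference (ns) against θ. An interval straddling θ is not a pass.
pub fn judge(ci_ns: (f64, f64), theta: f64) -> Verdict {
    let (lo, hi) = ci_ns;
    if lo > theta { Verdict::Fail }
    else if hi < theta { Verdict::Pass }
    else { Verdict::Inconclusive }
}

fn main() {
    // Constructed measurement: a 20-cycle leak at 3 GHz, about 6.7 ns.
    let ci = (6.0, 7.3);
    for m in [AttackerModel::SharedHardware, AttackerModel::PostQuantumSentinel,
              AttackerModel::AdjacentNetwork, AttackerModel::RemoteNetwork,
              AttackerModel::Research, AttackerModel::Custom { threshold_ns: 7.0 }] {
        let theta = theta_ns(m, 3.0, 1.0);
        println!("{:?}: θ = {:.2} ns -> {:?}", m, theta, judge(ci, theta));
    }
}
```

The same 20-cycle difference fails under the shared-hardware, post-quantum and research thresholds but passes under both network models, which is why the variant has to follow the deployment's threat model.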

Implementations§

impl AttackerModel

pub fn to_threshold_ns(&self) -> f64

Convert attacker model to threshold in nanoseconds.

pub fn description(&self) -> &'static str

Get a human-readable description of this attacker model.

Trait Implementations§

impl Clone for AttackerModel

fn clone(&self) -> AttackerModel

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AttackerModel

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl Default for AttackerModel

fn default() -> AttackerModel

Returns the “default value” for a type.

impl PartialEq for AttackerModel

fn eq(&self, other: &AttackerModel) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Copy for AttackerModel

impl StructuralPartialEq for AttackerModel
