Enum Exploitability 

pub enum Exploitability {
    SharedHardwareOnly,
    Http2Multiplexing,
    StandardRemote,
    ObviousLeak,
}

Exploitability assessment based on effect magnitude.

Based on Crosby et al. (2009) thresholds for timing attack feasibility. These thresholds are heuristics based on academic research for risk prioritization, not guarantees. The thresholds reflect modern attack techniques including HTTP/2 multiplexing (Timeless Timing Attacks) and shared-hardware attacks (KyberSlash, Flush+Reload).

See spec Section 5.4 (Exploitability).

Variants

SharedHardwareOnly

Effect < 10 ns: Requires shared hardware to exploit.

Only exploitable by attackers with physical co-location: SGX enclaves, hyperthreading on same core, containers on same host, or cross-VM on shared cache. Remote exploitation is impractical.

References: KyberSlash (2024), Flush+Reload, Prime+Probe literature

Http2Multiplexing

10-100 ns: Exploitable via HTTP/2 request multiplexing.

Requires ~100k concurrent HTTP/2 requests to exploit. The “Timeless Timing Attacks” technique eliminates network jitter by sending requests that arrive simultaneously, making response order reveal timing differences.

Reference: Van Goethem et al., “Timeless Timing Attacks” (USENIX Security 2020)

StandardRemote

100 ns - 10 μs: Exploitable with standard remote timing.

Requires ~1k-10k requests using traditional timing techniques. Exploitable on LAN with any protocol, or over internet with HTTP/2.

References: Crosby et al. (2009), Brumley & Boneh (2005)

ObviousLeak

10 μs: Obvious timing leak, trivially exploitable.

Detectable with < 100 requests. Exploitable over the internet even with high-jitter connections using traditional timing techniques.

Implementations

impl Exploitability

pub fn from_effect_ns(effect_ns: f64) -> Exploitability

Determine exploitability from effect size in nanoseconds.

Thresholds are based on:

• < 10 ns: Below HTTP/2 timing precision, requires shared hardware
• 10-100 ns: Within HTTP/2 “Timeless Timing Attacks” range
• 100 ns - 10 μs: Standard remote timing attack range

• 10 μs: Trivially observable

Trait Implementations

impl Clone for Exploitability

fn clone(&self) -> Exploitability

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Exploitability

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Exploitability

fn deserialize<__D>( __deserializer: __D, ) -> Result<Exploitability, <__D as Deserializer<'de>>::Error>

where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Display for Exploitability

fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), Error>

Formats the value using the given formatter.

impl PartialEq for Exploitability

fn eq(&self, other: &Exploitability) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Exploitability

fn serialize<__S>( &self, __serializer: __S, ) -> Result<<__S as Serializer>::Ok, <__S as Serializer>::Error>

where __S: Serializer,

Serialize this value into the given Serde serializer.

impl Copy for Exploitability

impl Eq for Exploitability

impl StructuralPartialEq for Exploitability