This paper identifies system time maintenance—a long-overlooked attack surface—and demonstrates that kernel time subsystem vulnerabilities enable highly stealthy, privilege-escalated time manipulation attacks. Method: The authors formally define the “time attack” paradigm, systematically discover kernel vulnerabilities, and reverse-engineer clocksource/clockevent mechanisms to construct privileged time-tampering primitives, achieving millisecond-precise, controllable time offsets on mainstream Linux systems. Contribution/Results: Such attacks bypass critical security checks—including NTP synchronization validation, TLS certificate validity enforcement, short-lived token authentication, and chronological log auditing—exposing fundamental flaws in time-dependent security designs. The work establishes the first benchmark for time security assessment and introduces a comprehensive defense framework, thereby elevating time integrity to a first-class dimension of system security.

Timekeeping is a fundamental component of modern computing; however, the security of system time remains an overlooked attack surface, leaving critical systems vulnerable to manipulation.