ABSTRACT
The timing characteristics of the cache, a high-speed storage layer between the fast CPU and the slow memory, may reveal sensitive information about a program, thus allowing an adversary to conduct side-channel attacks. Existing methods for detecting timing leaks either ignore the cache altogether or focus only on passive leaks generated by the program itself, without considering leaks that become possible only when other threads run concurrently. In this work, we show that timing-leak-freedom is not a compositional property: a program that is not leaky when running alone may become leaky when interleaved with other threads. Thus, we develop a new method, named adversarial symbolic execution, to detect such leaks. It systematically explores both the feasible program paths and their interleavings while modeling the cache, and leverages an SMT solver to decide whether there are timing leaks. We have implemented our method in LLVM and evaluated it on a set of real-world ciphers with 14,455 lines of C code in total. Our experiments demonstrate both the efficiency of our method and its effectiveness in detecting side-channel leaks.
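To make the non-compositionality claim concrete, the following is an added example (not the paper's tool or code): a toy direct-mapped cache model with a victim thread that warms a lookup table and then reads a secret-indexed entry, enumerating every interleaving with a second thread and flagging schedules where the victim's miss count depends on the secret. The cache parameters, the table address and the interfering thread's single access are constructed for illustration and are not taken from the paper.

```python
from itertools import combinations

LINE_SIZE = 64
NUM_LINES = 4        # tiny direct-mapped cache, constructed for illustration
TABLE_BASE = 0x1000  # hypothetical address of a 4-entry table, one entry per cache line

class DirectMappedCache:
    """One tag per line; an access hits iff the stored tag matches the address tag."""
    def __init__(self):
        self.tags = [None] * NUM_LINES

    def access(self, addr):
        line = (addr // LINE_SIZE) % NUM_LINES
        tag = addr // (LINE_SIZE * NUM_LINES)
        hit = self.tags[line] == tag
        self.tags[line] = tag  # fill (or replace) the line on every access
        return hit

def victim_trace(secret):
    """Victim thread: warm every table entry, then read the secret-indexed entry."""
    warm = [TABLE_BASE + i * LINE_SIZE for i in range(NUM_LINES)]
    return warm + [TABLE_BASE + secret * LINE_SIZE]

# Other thread (constructed): one access that maps to table[0]'s line under a different tag.
EVICTOR_TRACE = [TABLE_BASE + NUM_LINES * LINE_SIZE]

def schedules(victim, other):
    """Yield every interleaving of the two per-thread traces as a list of (thread, addr)."""
    n = len(victim) + len(other)
    for other_slots in combinations(range(n), len(other)):
        merged, v, o = [], iter(victim), iter(other)
        for k in range(n):
            merged.append(("other", next(o)) if k in other_slots else ("victim", next(v)))
        yield merged

def victim_misses(schedule):
    """Run one interleaving through a fresh cache; count only the victim's misses."""
    cache, misses = DirectMappedCache(), 0
    for thread, addr in schedule:
        hit = cache.access(addr)
        if thread == "victim" and not hit:
            misses += 1
    return misses

def leaky_schedules(other, secrets=range(NUM_LINES)):
    """Indices of interleavings whose victim miss count differs across secret values."""
    per_secret = [list(schedules(victim_trace(s), other)) for s in secrets]
    leaky = []
    for idx in range(len(per_secret[0])):
        counts = {victim_misses(traces[idx]) for traces in per_secret}
        if len(counts) > 1:
            leaky.append(idx)
    return leaky
```

`leaky_schedules([])` returns `[]` (the victim alone is leak-free), while `leaky_schedules(EVICTOR_TRACE)` returns `[1, 2, 3, 4]`: every schedule that places the evicting access after the warm-up of table[0] and before the secret-indexed read makes the final access hit or miss depending on the secret.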
ESEC/FSE ’18, November 4–9, 2018, Lake Buena Vista, FL, USA. Shengjian Guo, Meng Wu, and Chao Wang.
Index Terms
- Adversarial symbolic execution for detecting concurrency-related cache timing leaks