DOI: 10.1145/3236024.3236028

Adversarial symbolic execution for detecting concurrency-related cache timing leaks

Published: 26 October 2018

ABSTRACT

The timing characteristics of the cache, a high-speed store between the fast CPU and the slow memory, may reveal sensitive information about a program and thus allow an adversary to conduct side-channel attacks. Existing methods for detecting timing leaks either ignore the cache altogether or focus only on passive leaks generated by the program itself, without considering leaks that become possible only when other threads run concurrently. In this work, we show that timing-leak-freedom is not a compositional property: a program that is not leaky when running alone may become leaky when interleaved with other threads. We therefore develop a new method, named adversarial symbolic execution, to detect such leaks. It systematically explores both the feasible program paths and their interleavings while modeling the cache, and leverages an SMT solver to decide whether there are timing leaks. We have implemented our method in LLVM and evaluated it on a set of real-world ciphers with 14,455 lines of C code in total. Our experiments demonstrate both the efficiency of our method and its effectiveness in detecting side-channel leaks.
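The non-compositionality claim in the abstract is easy to see on a toy model. The following Python is an added illustration written for this page; it is not code from the paper or from its LLVM-based tool. It assumes a direct-mapped cache with four lines and one word per line, a victim thread that warms a four-entry table and then performs one secret-indexed lookup, and an adversary thread that issues a single access aliasing one table line. Because the secret domain is tiny, brute-force enumeration of all secrets stands in for the SMT query ("do two secrets yield different timings?") that a real analysis would pose per path and interleaving.

```python
"""Toy model of a concurrency-induced cache-timing leak.

Constructed illustration, not the paper's code. Assumptions: direct-mapped
cache with NUM_LINES lines, one word per line; victim preloads table T and
then reads T[secret]; adversary touches one address that aliases T[j].
Enumerating the (tiny) secret domain replaces the SMT solver query.
"""
from itertools import combinations
from typing import List

NUM_LINES = 4            # cache size (assumption)
TABLE_BASE = 0           # T[i] lives at address TABLE_BASE + i
ADV_BASE = NUM_LINES     # ADV_BASE + j maps to the same cache line as T[j]


def victim_addrs(secret: int) -> List[int]:
    """Victim thread: warm the whole table, then look up T[secret]."""
    return [TABLE_BASE + i for i in range(NUM_LINES)] + [TABLE_BASE + secret]


def adversary_addrs(target_line: int) -> List[int]:
    """Adversary thread: a single access that evicts T[target_line]."""
    return [ADV_BASE + target_line]


def schedules(n_victim: int, n_adv: int):
    """Every interleaving of n_victim 'V' steps and n_adv 'A' steps,
    preserving each thread's own program order."""
    total = n_victim + n_adv
    for adv_slots in combinations(range(total), n_adv):
        yield ["A" if i in adv_slots else "V" for i in range(total)]


def victim_misses(schedule: List[str], secret: int, target_line: int) -> int:
    """Replay one interleaving on the cache model and count the victim's
    misses; that count is the victim's observable timing."""
    v_ops = iter(victim_addrs(secret))
    a_ops = iter(adversary_addrs(target_line))
    cache = [None] * NUM_LINES           # cache[line] = address currently resident
    misses = 0
    for thread in schedule:
        addr = next(v_ops) if thread == "V" else next(a_ops)
        line = addr % NUM_LINES
        hit = cache[line] == addr
        cache[line] = addr               # direct-mapped: the new access takes the line
        if thread == "V" and not hit:
            misses += 1
    return misses


def leaky(schedule: List[str], target_line: int) -> bool:
    """Leak iff two secrets give different victim timings under this schedule
    (brute force over the secret domain instead of an SMT query)."""
    timings = {victim_misses(schedule, k, target_line) for k in range(NUM_LINES)}
    return len(timings) > 1


def victim_alone_leaky() -> bool:
    """The victim in isolation: a schedule with no adversary step at all."""
    return leaky(["V"] * (NUM_LINES + 1), target_line=0)


def find_leaky_schedules(target_line: int) -> List[List[str]]:
    """Adversarial exploration: try every interleaving, keep the leaky ones."""
    return [s for s in schedules(NUM_LINES + 1, 1) if leaky(s, target_line)]


if __name__ == "__main__":
    print("victim alone leaks:", victim_alone_leaky())
    for s in find_leaky_schedules(target_line=0):
        print("leaky interleaving:", "".join(s),
              "timings per secret:", [victim_misses(s, k, 0) for k in range(NUM_LINES)])
```

Run alone, every secret costs the victim exactly four misses, so a per-thread analysis would certify the lookup as constant-time. Once the adversary's access is scheduled after T[j] has been warmed but before the secret-dependent read, the read misses exactly when the secret equals j, and the miss count becomes a function of the secret. Nothing in the victim's code changed; only the interleaving did, which is why the interleavings have to be explored alongside the paths.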

Authors: Shengjian Guo, Meng Wu, and Chao Wang
Venue: ESEC/FSE '18, November 4–9, 2018, Lake Buena Vista, FL, USA

Published in

ESEC/FSE 2018: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
October 2018, 987 pages
ISBN: 9781450355735
DOI: 10.1145/3236024

        Copyright © 2018 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

Publisher: Association for Computing Machinery, New York, NY, United States


Qualifiers: research-article

Acceptance rate: 112 of 543 submissions, 21%
