research-article

Public Access

Symbolic path cost analysis for side-channel detection

Authors:

Corina S. PăsăreanuAuthors Info & Claims

ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

Pages 27 - 37

https://doi.org/10.1145/3213846.3213867

Published: 12 July 2018 Publication History

Abstract

Side-channels in software are an increasingly significant threat to the confidentiality of private user information, and the static detection of such vulnerabilities is a key challenge in secure software development. In this paper, we introduce a new technique for scalable detection of side- channels in software. Given a program and a cost model for a side-channel (such as time or memory usage), we decompose the control flow graph of the program into nested branch and loop components, and compositionally assign a symbolic cost expression to each component. Symbolic cost expressions provide an over-approximation of all possible observable cost values that components can generate. Queries to a satisfiability solver on the difference between possible cost values of a component allow us to detect the presence of imbalanced paths (with respect to observable cost) through the control flow graph. When combined with taint analysis that identifies conditional statements that depend on secret information, our technique answers the following question: Does there exist a pair of paths in the program's control flow graph, differing only on branch conditions influenced by the secret, that differ in observable side-channel value by more than some given threshold? Additional optimization queries allow us to identify the minimal number of loop iterations necessary for the above to hold or the maximal cost difference between paths in the graph. We perform symbolic execution based feasibility analyses to eliminate control flow paths that are infeasible. We implemented our techniques in a prototype, and we demonstrate its favourable performance against state-of-the-art tools as well as its effectiveness and scalability on a set of sizable, realistic Java server-client and peer-to-peer applications.

References

[1]

{n. d.}. https://github.com/Apogee-Research/STAC/tree/master/Engagement_ Challenges. ({n. d.}).

[2]

{n. d.}. https://github.com/vlab-cs-ucsb/coco-channel. ({n. d.}).

[3]

{n. d.}. Space/Time Analysis for Cybersecurity (STAC). https://www.darpa.mil/ program/space-time-analysis-for-cybersecurity. ({n. d.}).

[4]

{n. d.}. Z3 API in Python. ({n. d.}). http://www.cs.tau.ac.il/~msagiv/courses/asv/ z3py/guide-examples.htm

[5]

Johan Agat. 2000. Transforming out timing leaks. In Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. ACM, 40–53.

Digital Library

[6]

Saswat Anand, Corina Păsăreanu, and Willem Visser. 2007. JPF–SE: A symbolic execution extension to java pathfinder. Tools and Algorithms for the Construction and Analysis of Systems (2007), 134–138.

Digital Library

[7]

Timos Antopoulos, Paul Gazzillo, Michael Hicks, Eric Koskinen, Tachio Terauchi, and Shiyi Wei. 2017. Decomposition instead of self-composition for k-safety.

[8]

(2017).

[9]

Daniel Balasubramanian, Zhenkai Zhang, Dan McDermet, and Gabor Karsai. 2017. Janalyzer: A Static Analysis Tool for Java Bytecode. (08/2017 2017).

[10]

Lucas Bang, Abdulbaki Aydin, Quoc-Sang Phan, Corina S Păsăreanu, and Tevfik Bultan. 2016. String analysis for side channels with segmented oracles. In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM, 193–204.

Digital Library

[11]

Tegan Brennan, Seemanta Saha, and Tevfik Bultan. 2018. Symbolic Path Cost Analysis for Side-Channel Detection. In Software Engineering Companion (ICSEC), 2018 IEEE/ACM 40th International Conference on. IEEE.

Digital Library

[12]

David Brumley and Dan Boneh. 2005. Remote timing attacks are practical. Computer Networks 48, 5 (2005), 701–716.

Digital Library

[13]

Peter Chapman and David Evans. 2011. Automated black-box detection of side-channel vulnerabilities in web applications. In Proceedings of the 18th ACM conference on Computer and communications security. ACM, 263–274.

Digital Library

[14]

Jia Chen, Yu Feng, and Isil Dillig. 2017. Precise Detection of Side-Channel Vulnerabilities using Quantitative Cartesian Hoare Logic. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 875–890.

Digital Library

[15]

Shuo Chen, Rui Wang, XiaoFeng Wang, and Kehuan Zhang. 2010. Side-channel leaks in web applications: A reality today, a challenge tomorrow. In Security and Privacy (SP), 2010 IEEE Symposium on. IEEE, 191–206.

Digital Library

[16]

Shigeru Chiba. 1998. JavassistâĂŤa reflection-based programming wizard for Java. In Proceedings of OOPSLAâĂŹ98 Workshop on Reflective Programming in C++ and Java, Vol. 174.

[17]

Leonardo De Moura and Nikolaj Bjørner. 2008. Z3: An efficient SMT solver. In International conference on Tools and Algorithms for the Construction and Analysis of Systems. Springer, 337–340.

Digital Library

[18]

Goran Doychev, Boris Köpf, Laurent Mauborgne, and Jan Reineke. 2015. Cacheaudit: A tool for the static analysis of cache side channels. ACM Transactions on Information and System Security (TISSEC) 18, 1 (2015), 4.

Digital Library

[19]

Jeffrey Friedman. 1972. Tempest: A signal problem. NSA Cryptologic Spectrum 35 (1972), 76.

[20]

Daniel Genkin, Itamar Pipman, and Eran Tromer. 2015. Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs. Journal of Cryptographic Engineering 5, 2 (2015), 95–112.

[21]

Matthew S Hecht and Jeffrey D Ullman. 1972. Flow graph reducibility. In Proceedings of the fourth annual ACM symposium on Theory of computing. ACM, 238–250.

Digital Library

[22]

Daniel Hedin and David Sands. 2005. Timing aware information flow security for a javacard-like bytecode. Electronic Notes in Theoretical Computer Science 141, 1 (2005), 163–182.

Digital Library

[23]

Vincent Hindriksen. {n. d.}. How expensive is an operation on a CPU. ({n. d.}). https://streamhpc.com/blog/2012-07-16/ how-expensive-is-an-operation-on-a-cpu/

[24]

Ralf Hund, Carsten Willems, and Thorsten Holz. 2013. Practical timing side channel attacks against kernel space ASLR. In Security and Privacy (SP), 2013 IEEE Symposium on. IEEE, 191–205.

Digital Library

[25]

Marc Joye and Sung-Ming Yen. 2002. The Montgomery powering ladder. In CHES, Vol. 2. Springer, 291–302.

Digital Library

[26]

Paul C Kocher. 1996. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Annual International Cryptology Conference. Springer, 104–113.

Digital Library

[27]

Yau-Tsun Steven Li and Sharad Malik. 1995. Performance analysis of embedded software using implicit path enumeration. In ACM SIGPLAN Notices, Vol. 30. ACM, 88–98.

Digital Library

[28]

Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B Lee. 2015. Lastlevel cache side-channel attacks are practical. In Security and Privacy (SP), 2015 IEEE Symposium on. IEEE, 605–622.

Digital Library

[29]

Edward S Lowry and Cleburne W Medlock. 1969. Object code optimization. Commun. ACM 12, 1 (1969), 13–22.

Digital Library

[30]

Luke Mather and Elisabeth Oswald. 2012. Quantifying Side-Channel Information Leakage from Web Applications. IACR Cryptology ePrint Archive 2012 (2012), 269.

[31]

Corina S Pasareanu, Quoc-Sang Phan, and Pasquale Malacaria. 2016. Multi-run side-channel analysis using Symbolic Execution and Max-SMT. In Computer Security Foundations Symposium (CSF), 2016 IEEE 29th. IEEE, 387–400.

[32]

Quoc-Sang Phan, Lucas Bang, Corina S Pasareanu, Pasquale Malacaria, and Tevfik Bultan. 2017. Synthesis of Adaptive Side-Channel Attacks. IACR Cryptology ePrint Archive 2017 (2017), 401.

[33]

Reese T Prosser. 1959. Applications of boolean matrices to the analysis of flow diagrams. In Papers presented at the December 1-3, 1959, eastern joint IRE-AIEEACM computer conference. ACM, 133–138.

Digital Library

[34]

Peter P Puschner and Anton V Schedl. 1997. Computing maximum task execution timesâĂŤa graph-based approach. Real-Time Systems 13, 1 (1997), 67–91.

Digital Library

[35]

Omer Tripp, Marco Pistoia, Stephen J Fink, Manu Sridharan, and Omri Weisman. 2009. TAJ: effective taint analysis of web applications. In ACM Sigplan Notices, Vol. 44. ACM, 87–97.

Digital Library

[36]

Reinhard Wilhelm, Jakob Engblom, Andreas Ermedahl, Niklas Holsti, Stephan Thesing, David Whalley, Guillem Bernat, Christian Ferdinand, Reinhold Heckmann, Tulika Mitra, et al. 2008.

[37]

The worst-case execution-time problemâĂŤoverview of methods and survey of tools. 7, 3 (2008), 36.

Cited By

Gao PSong FChen T(2024)Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel AttacksACM Transactions on Software Engineering and Methodology10.1145/363570733:3(1-38)Online publication date: 14-Mar-2024
https://dl.acm.org/doi/10.1145/3635707
Tu HJiang LHong JDing XJiang H(2024)Concretely Mapped Symbolic Memory Locations for Memory Error DetectionIEEE Transactions on Software Engineering10.1109/TSE.2024.3395412(1-21)Online publication date: 2024
https://doi.org/10.1109/TSE.2024.3395412
Trabish DRinetzky NShoham SSharma VChandra SBlincoe KTonella P(2023)State Merging with Quantifiers in Symbolic ExecutionProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616287(1140-1152)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616287
Show More Cited By

Index Terms

Symbolic path cost analysis for side-channel detection
1. Security and privacy
  1. Software and application security
2. Software and its engineering
  1. Software organization and properties
    1. Software functional properties
      1. Formal methods
        Automated static analysis

Recommendations

Path cost analysis for side channel detection
ISSTA 2017: Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis

Side-channels have been increasingly demonstrated as a practical threat to the confidentiality of private user information. Being able to statically detect these kinds of vulnerabilites is a key challenge in current computer security research. We ...
Reinforcement Learning-Based Design of Side-Channel Countermeasures
Security, Privacy, and Applied Cryptography Engineering
Abstract
Deep learning-based side-channel attacks are capable of breaking targets protected with countermeasures. The constant progress in the last few years makes the attacks more powerful, requiring fewer traces to break a target. Unfortunately, to ...
Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution

Fuzz testing has proven successful in finding security vulnerabilities in large programs. However, traditional fuzz testing tools have a well-known common drawback: they are ineffective if most generated inputs are rejected at the early stage of program ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

July 2018

379 pages

ISBN:9781450356992

DOI:10.1145/3213846

General Chair:
Frank Tip
Northeastern University, USA
,
Program Chair:
Eric Bodden
University of Paderborn, Germany / Fraunhofer IEM, Germany

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering

In-Cooperation

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 July 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

ISSTA '18

Sponsor:

SIGSOFT

ISSTA '18: International Symposium on Software Testing and Analysis

July 16 - 21, 2018

Amsterdam, Netherlands

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '24

Sponsor:
sigsoft

33rd ACM SIGSOFT International Symposium on Software Testing and Analysis

September 16 - 20, 2024

Vienna , Austria

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
753
Total Downloads

Downloads (Last 12 months)122
Downloads (Last 6 weeks)7

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Gao PSong FChen T(2024)Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel AttacksACM Transactions on Software Engineering and Methodology10.1145/363570733:3(1-38)Online publication date: 14-Mar-2024
https://dl.acm.org/doi/10.1145/3635707
Tu HJiang LHong JDing XJiang H(2024)Concretely Mapped Symbolic Memory Locations for Memory Error DetectionIEEE Transactions on Software Engineering10.1109/TSE.2024.3395412(1-21)Online publication date: 2024
https://doi.org/10.1109/TSE.2024.3395412
Trabish DRinetzky NShoham SSharma VChandra SBlincoe KTonella P(2023)State Merging with Quantifiers in Symbolic ExecutionProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616287(1140-1152)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616287
Yavuz TFowze FHernandez GBai KButler KTian D(2023)ENCIDER: Detecting Timing and Cache Side Channels in SGX Enclaves and Cryptographic APIsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.316034620:2(1577-1595)Online publication date: 1-Mar-2023
https://doi.org/10.1109/TDSC.2022.3160346
Erata FPiskac RMateu VSzefer J(2023)Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P)10.1109/EuroSP57164.2023.00047(687-706)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSP57164.2023.00047
Sun WYan ZXu XDing WGao L(2022)Software Side Channel Vulnerability Detection Based on Similarity Calculation and Deep Learning2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)10.1109/TrustCom56396.2022.00112(800-809)Online publication date: Dec-2022
https://doi.org/10.1109/TrustCom56396.2022.00112
Gerrard MBorges MDwyer MFilieri A(2022)Conditional Quantitative Program AnalysisIEEE Transactions on Software Engineering10.1109/TSE.2020.301677848:4(1212-1227)Online publication date: 1-Apr-2022
https://doi.org/10.1109/TSE.2020.3016778
Noller Y(2022)Hybrid Differential Software TestingErnst Denert Award for Software Engineering 202010.1007/978-3-030-83128-8_9(167-195)Online publication date: 28-Feb-2022
https://doi.org/10.1007/978-3-030-83128-8_9
Trabish DItzhaky SRinetzky NSpinellis DGousios GChechik MDi Penta M(2021)A bounded symbolic-size model for symbolic executionProceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3468596(1190-1201)Online publication date: 20-Aug-2021
https://dl.acm.org/doi/10.1145/3468264.3468596
Luo YFilieri AZhou YSpinellis DGousios GChechik MDi Penta M(2021)Symbolic parallel adaptive importance sampling for probabilistic program analysisProceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3468264.3468593(1166-1177)Online publication date: 20-Aug-2021
https://dl.acm.org/doi/10.1145/3468264.3468593
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents