DOI: 10.1145/3062341.3062378

Decomposition instead of self-composition for proving the absence of timing channels

Published: 14 June 2017

Abstract

We present a novel approach to proving the absence of timing channels. The idea is to partition the program's execution traces in such a way that each partition component is checked for timing attack resilience by a time complexity analysis and that per-component resilience implies the resilience of the whole program. We construct a partition by splitting the program traces at secret-independent branches. This ensures that any pair of traces with the same public input has a component containing both traces. Crucially, the per-component checks can be normal safety properties expressed in terms of a single execution. Our approach is thus in contrast to prior approaches, such as self-composition, that aim to reason about multiple (k ≥ 2) executions at once.
We formalize the above as an approach called quotient partitioning, generalized to any k-safety property, and prove it to be sound. A key feature of our approach is a demand-driven partitioning strategy that uses a regex-like notion called trails to identify sets of execution traces, particularly those influenced by tainted (or secret) data. We have applied our technique in a prototype implementation tool called Blazer, based on WALA, PPL, and the brics automaton library. We have proved timing-channel freedom of (or synthesized an attack specification for) 24 programs written in Java bytecode, including 6 classic examples from the literature and 6 examples extracted from the DARPA STAC challenge problems.
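The partition-and-check idea described in the abstract, as an added worked example (this is not Blazer's code, and it enumerates a small input domain rather than running a static time complexity analysis): two password-style comparisons are instrumented so that `tracer.pub(cond)` records the outcome of each branch meant to be secret-independent, which builds the trace's trail, and `tracer.step()` spends one unit of abstract time. Traces are grouped into components by trail, each component is checked with a single-trace-style property (time may depend on the public input only), and a failing component yields an attack specification: a public input and two secrets that run in different time. The early-exit comparison also shows why the split must be at genuinely secret-independent branches: its loop guard is evaluated a secret-dependent number of times, so grouping by its outcomes would not put all traces of one public input in the same component; the toy detects that and falls back to a single component. All function names and the bit-tuple input domain are the example's own assumptions.

```python
"""Toy model of trail-based decomposition for timing-channel checking.

Added example, not Blazer's code. Programs are instrumented Python functions
that take (pub, sec, tracer): `tracer.step()` spends one unit of time and
`tracer.pub(cond)` records the outcome of a branch whose condition is meant
to be secret-independent, building the trace's trail. Instead of a static
complexity analysis, the checker enumerates a small input domain (an
assumption of this toy, not the paper's method).
"""
from collections import defaultdict
from itertools import product


class Tracer:
    def __init__(self):
        self.time = 0      # abstract running time of this trace
        self.trail = []    # outcomes of the public branches, in order

    def step(self, n=1):
        self.time += n

    def pub(self, cond):
        self.trail.append(bool(cond))
        return cond


def leaky_compare(pub, sec, t):
    """Early-exit comparison: the mismatch test depends on the secret."""
    i = 0
    while t.pub(i < len(pub)):
        t.step()
        if pub[i] != sec[i]:   # secret-dependent branch, not in the trail
            return False
        i += 1
    return True


def ct_compare(pub, sec, t):
    """Accumulator comparison: the only branch is the public loop guard."""
    diff, i = 0, 0
    while t.pub(i < len(pub)):
        t.step()
        diff |= pub[i] ^ sec[i]
        i += 1
    return diff == 0


def bit_tuples(n):
    return list(product((0, 1), repeat=n))


def run_all(prog, max_len=3):
    """Traces for every (pub, sec) pair of equal length 1..max_len (constructed domain)."""
    runs = []
    for n in range(1, max_len + 1):
        for pub, sec in product(bit_tuples(n), bit_tuples(n)):
            t = Tracer()
            prog(pub, sec, t)
            runs.append((pub, sec, tuple(t.trail), t.time))
    return runs


def quotient_partition(runs):
    """Group traces by trail. A valid quotient partition must put all traces of
    one public input into a single component; if the recorded branches are
    secretly influenced (their evaluation count depends on the secret) that
    fails, and we fall back to the trivial partition with one component."""
    comps = defaultdict(list)
    for pub, sec, trail, time in runs:
        comps[trail].append((pub, sec, time))
    trails_of_pub = defaultdict(set)
    for pub, _, trail, _ in runs:
        trails_of_pub[pub].add(trail)
    if any(len(s) > 1 for s in trails_of_pub.values()):
        return {(): [(pub, sec, time) for pub, sec, _, time in runs]}, False
    return dict(comps), True


def check(prog, max_len=3):
    """Per-component check: inside a component, time may depend on the public
    input only. Returns (safe, number_of_components, attack); attack is
    (pub, sec1, sec2, t1, t2) when two secrets give different times."""
    comps, _valid = quotient_partition(run_all(prog, max_len))
    for _trail, obs in comps.items():
        by_pub = defaultdict(list)
        for pub, sec, time in obs:
            by_pub[pub].append((sec, time))
        for pub, pairs in by_pub.items():
            lo = min(pairs, key=lambda p: p[1])
            hi = max(pairs, key=lambda p: p[1])
            if lo[1] != hi[1]:
                return False, len(comps), (pub, lo[0], hi[0], lo[1], hi[1])
    return True, len(comps), None


if __name__ == "__main__":
    for prog in (leaky_compare, ct_compare):
        safe, ncomps, attack = check(prog)
        print(prog.__name__, "components:", ncomps,
              "SAFE" if safe else f"ATTACK {attack}")
```

Running the script prints one line per program: `ct_compare` splits into three components (one trail per input length), each with time equal to the length and so independent of the secret, while `leaky_compare` cannot be validly split on its loop guard and, in the single remaining component, yields an attack specification such as public input (0, 0) with secrets (1, 0) and (0, 0) taking 1 and 2 time units.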

References

[1] J. Agat. Transforming out timing leaks. In POPL, 2000.
[2] J. B. Almeida, M. Barbosa, J. S. Pinto, and B. Vieira. Formal verification of side-channel countermeasures using self-composition. Science of Computer Programming, 78(7), 2013.
[3] J. B. Almeida, M. Barbosa, G. Barthe, F. Dupressoir, and M. Emmi. Verifying constant-time implementations. In USENIX Security Symposium, 2016.
[4] M. S. Alvim, K. Chatzikokolakis, C. Palamidessi, and G. Smith. Measuring information leakage using generalized gain functions. In CSF, 2012.
[5] M. Assaf, D. A. Naumann, J. Signoles, E. Totel, and F. Tronel. Hypercollecting semantics and its application to static analysis of information flow. In POPL, 2017.
[6] R. Bagnara, P. M. Hill, and E. Zaffanella. The Parma Polyhedra Library: Toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. Science of Computer Programming, 72(1-2), 2008.
[7] G. Barthe, P. R. D'Argenio, and T. Rezk. Secure information flow by self-composition. In CSFW, 2004.
[8] G. Barthe, J. M. Crespo, and C. Kunz. Relational verification using product programs. In FM, 2011.
[9] N. Benton. Simple relational correctness proofs for static analyses and program transformations. In POPL, 2004.
[10] J. Berdine, A. Chawdhary, B. Cook, D. Distefano, and P. W. O'Hearn. Variance analyses from invariance analyses. In POPL, 2007.
[11] E. Çiçek, G. Barthe, M. Gaboardi, D. Garg, and J. Hoffmann. Relational cost analysis. In POPL, 2017.
[12] Á. Darvas, R. Hähnle, and D. Sands. A theorem proving approach to analysis of secure information flow. In SPC, 2005.
[13] dk.brics.automaton. Finite-state automata and regular expressions for Java. http://www.brics.dk/automaton/, 2017.
[14] G. Doychev, B. Köpf, L. Mauborgne, and J. Reineke. CacheAudit: A tool for the static analysis of cache side channels. ACM Transactions on Information and System Security, 18(1), 2015.
[15] D. Genkin, I. Pipman, and E. Tromer. Get your hands off my laptop: Physical side-channel key-extraction attacks on PCs. In CHES, 2014.
[16] S. Gulwani and F. Zuleger. The reachability-bound problem. In PLDI, 2010.
[17] S. Gulwani, S. Jain, and E. Koskinen. Control-flow refinement and progress invariants for bound analysis. In PLDI, 2009.
[18] S. Gulwani, K. K. Mehra, and T. M. Chilimbi. SPEED: precise and efficient static estimation of program computational complexity. In POPL, 2009.
[19] D. Hedin and D. Sands. Timing aware information flow security for a JavaCard-like bytecode. In Workshop on Bytecode Semantics, Verification, Analysis and Transformation, 2005.
[20] J. Henry. Static analysis by path focusing. Master's thesis, Grenoble INP, 2011.
[21] J. Henry, D. Monniaux, and M. Moy. PAGAI: A path sensitive static analyser. In TAPAS, 2012.
[22] P. C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In CRYPTO, 1996.
[23] B. Köpf and D. A. Basin. Automatically deriving information-theoretic bounds for adaptive side-channel attacks. Journal of Computer Security, 19(1), 2011.
[24] S. Langkemper. The password guessing bug in Tenex. https://www.sjoerdlangkemper.nl/2016/11/01/tenex-password-bug/, 2016.
[25] P. Malacaria. Assessing security threats of looping constructs. In POPL, 2007.
[26] L. Mauborgne and X. Rival. Trace partitioning in abstract interpretation based static analyzers. In ESOP, 2005.
[27] D. A. Naumann. From coupling relations to mated invariants for checking information flow. In ESORICS, 2006.
[28] N. Partush and E. Yahav. Abstract semantic differencing for numerical programs. In SAS, 2013.
[29] C. S. Pasareanu, Q. Phan, and P. Malacaria. Multi-run side-channel analysis using symbolic execution and max-SMT. In CSF, 2016.
[30] A. Podelski and A. Rybalchenko. Transition invariants. In LICS, 2004.
[31] J. C. Reynolds. The Craft of Programming. Prentice Hall International series in computer science. Prentice Hall, 1981.
[32] G. Smith. On the foundations of quantitative information flow. In FOSSACS, 2009.
[33] G. Snelting, D. Giffhorn, J. Graf, C. Hammer, M. Hecker, M. Mohr, and D. Wasserrab. Checking probabilistic noninterference using JOANA. it - Information Technology, 56(6), 2014.
[34] M. Sousa and I. Dillig. Cartesian Hoare logic for verifying k-safety properties. In PLDI, 2016.
[35] STAC. DARPA space/time analysis for cybersecurity (STAC) program. http://www.darpa.mil/program/space-time-analysis-for-cybersecurity, 2017.
[36] T. Terauchi and A. Aiken. Secure information flow as a safety problem. In SAS, 2005.
[37] H. Unno, N. Kobayashi, and A. Yonezawa. Combining type-based analysis and model checking for finding counterexamples against non-interference. In PLAS, 2006.
[38] D. M. Volpano, C. E. Irvine, and G. Smith. A sound type system for secure flow analysis. Journal of Computer Security, 4(2/3), 1996.
[39] WALA. IBM T.J. Watson Libraries for Analysis (WALA). http://wala.sourceforge.net/, 2017.
[40] H. Yang. Relational separation logic. Theoretical Computer Science, 375(1-3), 2007.
[41] H. Yasuoka and T. Terauchi. Quantitative information flow - verification hardness and possibilities. In CSF, 2010.
[42] H. Yasuoka and T. Terauchi. On bounding problems of quantitative information flow. Journal of Computer Security, 19(6), 2011.
[43] H. Yasuoka and T. Terauchi. Quantitative information flow as safety and liveness hyperproperties. Theoretical Computer Science, 538, 2014.
[44] A. Zaks and A. Pnueli. CoVaC: Compiler validation by program analysis of the cross-product. In FM, 2008.
[45] D. Zhang, A. Askarov, and A. C. Myers. Language-based control and mitigation of timing channels. In PLDI, 2012.

Cited By

  • (2024) Timing Side-Channel Mitigation via Automated Program Repair. ACM Transactions on Software Engineering and Methodology 33(8), 1-27. DOI 10.1145/3678169. Published 16 Jul 2024.
  • (2024) Towards Efficient Verification of Constant-Time Cryptographic Implementations. Proceedings of the ACM on Software Engineering 1(FSE), 1019-1042. DOI 10.1145/3643772. Published 12 Jul 2024.
  • (2024) Compositional Verification of First-Order Masking Countermeasures against Power Side-Channel Attacks. ACM Transactions on Software Engineering and Methodology 33(3), 1-38. DOI 10.1145/3635707. Published 14 Mar 2024.
  • (2024) Owl: Differential-Based Side-Channel Leakage Detection for CUDA Applications. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 362-376. DOI 10.1109/DSN58291.2024.00044. Published 24 Jun 2024.
  • (2024) Sound Abstract Nonexploitability Analysis. Verification, Model Checking, and Abstract Interpretation, 314-337. DOI 10.1007/978-3-031-50521-8_15. Published 15 Jan 2024.
  • (2023) Quantifying and Mitigating Cache Side Channel Leakage with Differential Set. Proceedings of the ACM on Programming Languages 7(OOPSLA2), 1470-1498. DOI 10.1145/3622850. Published 16 Oct 2023.
  • (2023) ENCIDER: Detecting Timing and Cache Side Channels in SGX Enclaves and Cryptographic APIs. IEEE Transactions on Dependable and Secure Computing 20(2), 1577-1595. DOI 10.1109/TDSC.2022.3160346. Published 1 Mar 2023.
  • (2023) Verifying Data Constraint Equivalence in FinTech Systems. Proceedings of the 45th International Conference on Software Engineering, 1329-1341. DOI 10.1109/ICSE48619.2023.00117. Published 14 May 2023.
  • (2022) Enforcing Fine-grained Constant-time Policies. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 83-96. DOI 10.1145/3548606.3560689. Published 7 Nov 2022.
  • (2022) DeJITLeak: eliminating JIT-induced timing side-channel leaks. Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, 872-884. DOI 10.1145/3540250.3549150. Published 7 Nov 2022.

Published In

PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2017
708 pages
ISBN:9781450349888
DOI:10.1145/3062341
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher: Association for Computing Machinery, New York, NY, United States

Author Tags

  1. Blazer
  2. Decomposition
  3. Subtrails
  4. Timing Attacks
  5. Verification

Conference: PLDI '17

Acceptance Rates

Overall Acceptance Rate 406 of 2,067 submissions, 20%

