
Decomposition instead of self-composition for proving the absence of timing channels

Published: 14 June 2017

Abstract

We present a novel approach to proving the absence of timing channels. The idea is to partition the program's execution traces in such a way that each partition component is checked for timing attack resilience by a time complexity analysis and that per-component resilience implies the resilience of the whole program. We construct a partition by splitting the program traces at secret-independent branches. This ensures that any pair of traces with the same public input has a component containing both traces. Crucially, the per-component checks can be normal safety properties expressed in terms of a single execution. Our approach is thus in contrast to prior approaches, such as self-composition, that aim to reason about multiple (k ≥ 2) executions at once.
We formalize the above as an approach called quotient partitioning, generalized to any k-safety property, and prove it to be sound. A key feature of our approach is a demand-driven partitioning strategy that uses a regex-like notion called trails to identify sets of execution traces, particularly those influenced by tainted (or secret) data. We have applied our technique in a prototype implementation tool called Blazer, based on WALA, PPL, and the brics automaton library. We have proved timing-channel freedom of (or synthesized an attack specification for) 24 programs written in Java bytecode, including 6 classic examples from the literature and 6 examples extracted from the DARPA STAC challenge problems.
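As an added illustration (not code from the paper or from the Blazer tool), the following Python script models the partitioning idea dynamically: executions are grouped by the outcomes of their secret-independent branches (a stand-in for the paper's trails), and within each component the abstract running time must depend on the public input only, which is the single-execution check the abstract describes. The early-exit password comparison and its constant-time counterpart, the step-counting cost model, and the tiny input space are all constructed for this illustration; Blazer performs the per-component check as a static complexity analysis over Java bytecode rather than by enumerating executions.

```python
"""Toy model of quotient partitioning for timing channels (constructed example).

Each execution records (a) the outcomes of branches whose condition depends only
on public data and (b) a cost counter (one unit per loop iteration).  Traces are
grouped by their secret-independent branch outcomes; inside each component the
cost must be a function of the public input alone.
"""
from collections import defaultdict
from itertools import product

SECRET_LEN = 3  # constructed: the password length is fixed and treated as public


class Trace:
    """What a single execution reveals under the timing model."""

    def __init__(self):
        self.trail = []   # outcomes of secret-independent branches
        self.cost = 0     # abstract running time


def leaky_check(tr, guess, secret):
    """Early-exit comparison: the loop count depends on the first mismatching byte."""
    if len(guess) != SECRET_LEN:          # secret-independent branch -> recorded
        tr.trail.append("bad-length")
        return False
    tr.trail.append("ok-length")
    for i in range(SECRET_LEN):
        tr.cost += 1
        if guess[i] != secret[i]:         # secret-dependent branch -> not in the trail
            return False
    return True


def constant_time_check(tr, guess, secret):
    """Compares every byte; the loop count is fixed by the public length."""
    if len(guess) != SECRET_LEN:
        tr.trail.append("bad-length")
        return False
    tr.trail.append("ok-length")
    diff = 0
    for i in range(SECRET_LEN):
        tr.cost += 1
        diff |= guess[i] ^ secret[i]
    return diff == 0


def partition_traces(program, guesses, secrets):
    """Group executions by trail; within a component map public input -> observed costs."""
    components = defaultdict(lambda: defaultdict(set))
    for guess, secret in product(guesses, secrets):
        tr = Trace()
        program(tr, guess, secret)
        components[tuple(tr.trail)][guess].add(tr.cost)
    return components


def timing_violations(program, guesses, secrets):
    """Per-component check: cost must not vary with the secret for a fixed public input.

    Returns a list of (trail, guess, sorted_costs) for every component/input that fails;
    an empty list means no timing channel in this (finite) model.
    """
    violations = []
    for trail, by_guess in partition_traces(program, guesses, secrets).items():
        for guess, costs in by_guess.items():
            if len(costs) > 1:
                violations.append((trail, guess, sorted(costs)))
    return violations


# Constructed input space: every 3-byte string over {0,1}, plus one wrong-length guess.
ALPHABET = [0, 1]
SECRETS = [bytes(b) for b in product(ALPHABET, repeat=SECRET_LEN)]
GUESSES = SECRETS + [b"\x00"]

if __name__ == "__main__":
    for name, prog in [("leaky", leaky_check), ("constant-time", constant_time_check)]:
        v = timing_violations(prog, GUESSES, SECRETS)
        status = "no timing channel" if not v else f"{len(v)} leaking (component, input) pairs"
        print(f"{name}: {status}")
```

Because the trail is determined by public data alone, any two executions that share a public input fall into the same component, so passing the per-component check for every component is what rules out a timing channel; the wrong-length component passes for both programs, while the early-exit program fails inside the "ok-length" component because the loop count varies with the secret.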


Published In

ACM SIGPLAN Notices, Volume 52, Issue 6 (PLDI '17), June 2017, 708 pages. ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/3140587.

PLDI 2017: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2017, 708 pages. ISBN: 9781450349888, DOI: 10.1145/3062341.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 June 2017
Published in SIGPLAN Volume 52, Issue 6


Author Tags

  1. Blazer
  2. Decomposition
  3. Subtrails
  4. Timing Attacks
  5. Verification

Qualifiers

  • Article

Article Metrics

  • Downloads (last 12 months): 178
  • Downloads (last 6 weeks): 26
Reflects downloads up to 25 Dec 2024

Cited By

  • (2024) ZipChannel: Cache Side-Channel Vulnerabilities in Compression Algorithms. 2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 223-237. DOI: 10.1109/DSN58291.2024.00033. Online publication date: 24-Jun-2024.
  • (2024) ZeroLeak: Automated Side-Channel Patching in Source Code Using LLMs. Computer Security – ESORICS 2024, pp. 290-310. DOI: 10.1007/978-3-031-70879-4_15. Online publication date: 16-Sep-2024.
  • (2024) Relational Synthesis of Recursive Programs via Constraint Annotated Tree Automata. Computer Aided Verification, pp. 41-63. DOI: 10.1007/978-3-031-65633-0_3. Online publication date: 24-Jul-2024.
  • (2023) Obtaining Information Leakage Bounds via Approximate Model Counting. Proceedings of the ACM on Programming Languages, 7:PLDI, pp. 1488-1509. DOI: 10.1145/3591281. Online publication date: 6-Jun-2023.
  • (2023) Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code. 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), pp. 687-706. DOI: 10.1109/EuroSP57164.2023.00047. Online publication date: Jul-2023.
  • (2023) DifFuzzAR: automatic repair of timing side-channel vulnerabilities via refactoring. Automated Software Engineering, 31:1. DOI: 10.1007/s10515-023-00398-6. Online publication date: 18-Oct-2023.
  • (2022) Learning to Synthesize Relational Invariants. Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, pp. 1-12. DOI: 10.1145/3551349.3556942. Online publication date: 10-Oct-2022.
  • (2022) Software Side Channel Vulnerability Detection Based on Similarity Calculation and Deep Learning. 2022 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 800-809. DOI: 10.1109/TrustCom56396.2022.00112. Online publication date: Dec-2022.
  • (2022) Using Symbolic States to Infer Numerical Invariants. IEEE Transactions on Software Engineering, 48:10, pp. 3877-3899. DOI: 10.1109/TSE.2021.3106964. Online publication date: 1-Oct-2022.
  • (2022) Hybrid Differential Software Testing. Ernst Denert Award for Software Engineering 2020, pp. 167-195. DOI: 10.1007/978-3-030-83128-8_9. Online publication date: 28-Feb-2022.
