Log In Sign Up

Attack Synthesis for Strings using Meta-Heuristics

by   Seemanta Saha, et al.

Information leaks are a significant problem in modern computer systems and string manipulation is prevalent in modern software. We present techniques for automated synthesis of side-channel attacks that recover secret string values based on timing observations on string manipulating code. Our attack synthesis techniques iteratively generate inputs which, when fed to code that accesses the secret, reveal partial information about the secret based on the timing observations, leading to recovery of the secret at the end of the attack sequence. We use symbolic execution to extract path constraints, automata-based model counting to estimate the probability of execution paths, and meta-heuristic methods to maximize information gain based on entropy for synthesizing adaptive attack steps.


page 1

page 2

page 3

page 4


Incremental Adaptive Attack Synthesis

Information leakage is a significant problem in modern software systems....

Injecting Software Vulnerabilities with Voltage Glitching

We show how voltage glitching can cause timing violations in CMOS behavi...

Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend

We introduce a new timing side-channel attack on Intel CPU processors. O...

Symbolic Execution + Model Counting + Entropy Maximization = Automatic Search Synthesis

We present a method of automatically synthesizing steps to solve search ...

Exploiting Behavioral Side-Channels in Observation Resilient Cognitive Authentication Schemes

Observation Resilient Authentication Schemes (ORAS) are a class of share...

Frequency Throttling Side-Channel Attack

Modern processors dynamically control their operating frequency to optim...

Guesswork Subject to a Total Entropy Budget

We consider an abstraction of computational security in password protect...