DeepAI
Log In Sign Up

Attack Synthesis for Strings using Meta-Heuristics

07/26/2019
by   Seemanta Saha, et al.
0

Information leaks are a significant problem in modern computer systems and string manipulation is prevalent in modern software. We present techniques for automated synthesis of side-channel attacks that recover secret string values based on timing observations on string manipulating code. Our attack synthesis techniques iteratively generate inputs which, when fed to code that accesses the secret, reveal partial information about the secret based on the timing observations, leading to recovery of the secret at the end of the attack sequence. We use symbolic execution to extract path constraints, automata-based model counting to estimate the probability of execution paths, and meta-heuristic methods to maximize information gain based on entropy for synthesizing adaptive attack steps.

READ FULL TEXT

page 1

page 2

page 3

page 4

05/14/2019

Incremental Adaptive Attack Synthesis

Information leakage is a significant problem in modern software systems....
02/14/2019

Injecting Software Vulnerabilities with Voltage Glitching

We show how voltage glitching can cause timing violations in CMOS behavi...
05/23/2020

Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend

We introduce a new timing side-channel attack on Intel CPU processors. O...
09/23/2020

Symbolic Execution + Model Counting + Entropy Maximization = Automatic Search Synthesis

We present a method of automatically synthesizing steps to solve search ...
07/22/2020

Exploiting Behavioral Side-Channels in Observation Resilient Cognitive Authentication Schemes

Observation Resilient Authentication Schemes (ORAS) are a class of share...
06/14/2022

Frequency Throttling Side-Channel Attack

Modern processors dynamically control their operating frequency to optim...
12/25/2017

Guesswork Subject to a Total Entropy Budget

We consider an abstraction of computational security in password protect...