Binsec/Rel: Efficient Relational Symbolic Execution for Constant-Time at Binary-Level

by   Lesly-Ann Daniel, et al.

The constant-time programming discipline (CT) is an efficient countermeasure against timing side-channel attacks, requiring the control flow and the memory accesses to be independent from the secrets. Yet, writing CT code is challenging as it demands to reason about pairs of execution traces (2- hypersafety property) and it is generally not preserved by the compiler, requiring binary-level analysis. Unfortunately, current verification tools for CT either reason at higher level (C or LLVM), or sacrifice bug-finding or bounded-verification, or do not scale. We tackle the problem of designing an efficient binary-level verification tool for CT providing both bug-finding and bounded-verification. The technique builds on relational symbolic execution enhanced with new optimizations dedicated to information flow and binary-level analysis, yielding a dramatic improvement over prior work based on symbolic execution. We implement a prototype, Binsec/Rel, and perform extensive experiments on a set of 338 cryptographic implementations, demonstrating the benefits of our approach in both bug-finding and bounded-verification. Using Binsec/Rel, we also automate a previous manual study of CT preservation by compilers. Interestingly, we discovered that gcc -O0 and backend passes of clang introduce violations of CT in implementations that were previously deemed secure by a state-of-the-art CT verification tool operating at LLVM level, showing the importance of reasoning at binary-level.


Binsec/Rel: Symbolic Binary Analyzer for Security with Applications to Constant-Time and Secret-Erasure

This paper tackles the problem of designing efficient binary-level verif...

Vivienne: Relational Verification of Cryptographic Implementations in WebAssembly

This paper explores the use of relational symbolic execution to counter ...

Proof-Producing Symbolic Execution for Binary Code Verification

We propose a proof-producing symbolic execution for verification of mach...

CryptoBap: A Binary Analysis Platform for Cryptographic Protocols

We introduce CryptoBap, a platform to verify weak secrecy and authentica...

CT-Wasm: Type-driven Secure Cryptography for the Web Ecosystem

A significant amount of both client and server-side cryptography is impl...

Evaluating Manual Intervention to Address the Challenges of Bug Finding with KLEE

Symbolic execution has shown its ability to find security-relevant flaws...

NeuDep: Neural Binary Memory Dependence Analysis

Determining whether multiple instructions can access the same memory loc...

Please sign up or login with your details

Forgot password? Click here to reset